Bug#679751: please clarify package account and home directory location in policy
Marc Haber <mh+debian-packages@zugschlus.de> writes:
> On Mon, Jul 02, 2012 at 09:50:37AM -0700, Russ Allbery wrote:
>> I'm not sure that I understand the use case. I've never needed to
>> create an authorized_keys file for a system account created by a
>> package. Maybe you could explain more about what you're doing that
>> makes this a reasonable thing to do?
> The package has a collector and a presenter component and uses
> rsync-over-ssh to transfer collected data to the presenter.
Ah, okay. For that use case, the only thing that you would care about the
user home directory containing is the authorized_keys file, correct?
In this case, you could either put the home directory in /etc, or put the
home directory in /var/lib with a symlink from .ssh/authorized_keys to
/etc. I would tend to do the latter since you can then use more
reasonable file names in /etc, such as /etc/<package>/authorized_keys.
I confirmed that sshd is perfectly happy with a /var/lib/<package>
directory with an .ssh subdirectory owned by root and a root-owned symlink
from authorized_keys to a file in /etc. I would pre-create the file in /etc
with a comment saying what it's for.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
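
The layout described in the message above, as an added shell example that is not part of the original message or of any package's maintainer scripts. It stages the directories under a prefix so it can be tried without touching the live system; the package name passed in and both function names are hypothetical.

```shell
#!/bin/sh
# Added example: home in /var/lib/<package>, keys kept in /etc/<package>.
# Function names and the staging-prefix argument are assumptions.

setup_pkg_ssh_layout() {
    root=$1   # staging prefix: "" on a live system, a temp dir for a dry run
    pkg=$2    # package name (hypothetical)
    home="$root/var/lib/$pkg"
    conf="$root/etc/$pkg"
    keys="$conf/authorized_keys"

    mkdir -p "$home/.ssh" "$conf" || return 1
    # No group/world write bits: sshd's StrictModes check rejects those.
    chmod 755 "$home" "$home/.ssh" "$conf" || return 1

    # Pre-create the key file with a comment; never overwrite existing keys.
    if [ ! -e "$keys" ]; then
        printf '%s\n' "# Public keys allowed to push data to $pkg via rsync-over-ssh." \
            > "$keys" || return 1
        chmod 644 "$keys" || return 1
    fi

    # The link target is the path on the final system, not the staging path.
    ln -sfn "/etc/$pkg/authorized_keys" "$home/.ssh/authorized_keys" || return 1

    # Root ownership as in the message; only possible when running as root.
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$home/.ssh" "$keys" || return 1
        chown -h root:root "$home/.ssh/authorized_keys" || return 1
    fi
}

# Returns 0 when the symlink points at /etc/<package>/authorized_keys and
# none of the checked paths is group- or world-writable.
check_pkg_ssh_layout() {
    root=$1
    pkg=$2
    link="$root/var/lib/$pkg/.ssh/authorized_keys"
    [ -L "$link" ] || return 1
    [ "$(readlink "$link")" = "/etc/$pkg/authorized_keys" ] || return 1
    loose=$(find "$root/var/lib/$pkg" "$root/var/lib/$pkg/.ssh" \
                 "$root/etc/$pkg/authorized_keys" -prune \
                 \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ]
}
```
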