Bug#679751: please clarify package account and home directory location in policy
On Mon, Jul 02, 2012 at 02:29:53PM -0700, Russ Allbery wrote:
> Marc Haber <mh+debian-packages@zugschlus.de> writes:
> > On Mon, Jul 02, 2012 at 09:50:37AM -0700, Russ Allbery wrote:
>
> >> I'm not sure that I understand the use case. I've never needed to
> >> create an authorized_keys file for a system account created by a
> >> package. Maybe you could explain more about what you're doing that
> >> makes this a reasonable thing to do?
>
> > The package has a collector and a presenter component and uses
> > rsync-over-ssh to transfer collected data to the presenter.
>
> Ah, okay. For that use case, the only thing that you would care about the
> user home directory containing is the authorized_keys file, correct?

known_hosts and the key itself.

> In this case, you could either put the home directory in /etc, or put the
> home directory in /var/lib with a symlink from .ssh/authorized_keys to
> /etc. I would tend to do the latter since you can then use more
> reasonable file names in /etc, such as /etc/<package>/authorized_keys.
>
> I confirmed that sshd is perfectly happy with a /var/lib/<package>
> directory with an .ssh subdirectory owned by root and a root-owned symlink
> from authorized_keys to a file in /etc. I would pre-create the file in /etc
> with a comment saying what it's for.

Will try that *sigh*

Thanks for your comments.

Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mail address in header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062
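The layout suggested in the quoted text above (home directory in /var/lib, authorized_keys symlinked to a pre-created, commented file in /etc), as an added example that is not part of the original message or of any package's maintainer scripts. The package name `examplepkg`, the scratch root prefix and both function names are hypothetical; GNU coreutils is assumed, and the mode test is a simplified stand-in for sshd's StrictModes check.

```shell
#!/bin/sh
# Added example. PKG is a hypothetical package name; assumes GNU coreutils.
PKG=examplepkg

# Build the layout under root prefix $1 (a scratch directory here; run as
# root with an empty prefix in a real maintainer script so root owns it all).
setup_layout() {
    root=$1
    keys="$root/etc/$PKG/authorized_keys"
    install -d -m 0755 "$root/etc/$PKG" "$root/var/lib/$PKG/.ssh"
    # Pre-create the file with a comment, but never clobber existing keys.
    if [ ! -e "$keys" ]; then
        printf '# Keys allowed to push collected data to %s (rsync-over-ssh).\n' \
            "$PKG" > "$keys"
    fi
    chmod 0644 "$keys"
    # Home stays in /var/lib; only the admin-edited file lives in /etc.
    ln -sfn "$keys" "$root/var/lib/$PKG/.ssh/authorized_keys"
}

# Return 0 if the link resolves to a regular file and nothing on the path is
# group- or world-writable (a simplified form of sshd's StrictModes test;
# ownership is not checked because the demo runs unprivileged).
check_layout() {
    home="$1/var/lib/$PKG"
    link="$home/.ssh/authorized_keys"
    if [ ! -L "$link" ] || [ ! -f "$link" ]; then
        echo "missing link or target: $link" >&2
        return 1
    fi
    for p in "$home" "$home/.ssh" "$1/etc/$PKG" "$link"; do
        mode=$(stat -L -c '%a' "$p")
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/world-writable: $p ($mode)" >&2
            return 1
        fi
    done
}

# Demo in a throwaway directory.
scratch=$(mktemp -d)
setup_layout "$scratch"
check_layout "$scratch" && echo "layout passes mode checks"
rm -rf "$scratch"
```
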