[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#858807: marked as done (/var/run/sshd should move to /run/sshd for stretch)

Your message dated Thu, 30 Mar 2017 11:34:34 +0000
with message-id <E1ctYLa-000CGU-KP@fasolo.debian.org>
and subject line Bug#760422: fixed in openssh 1:7.4p1-10
has caused the Debian Bug report #760422,
regarding /var/run/sshd should move to /run/sshd for stretch
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
760422: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760422
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: openssh-server
Version: 1:7.4p1-9
Severity: important

Hi,

the sshd process still puts the privilege separation directory in
/var/run/sshd. Since /var/run is symlinked to /run, this is fine in
the vast majority of cases. However, in rare cases where /var is on a
dedicated filesystem, it might be the case that /var is not yet fully
mounted when sshd is started.

Moving the privilege separation directory to /run fixes this issue at
least for ssh, which is important since one is able to fix other
things on the system once one is able to log in.

I therefore believe that this trivial change should be in stretch.

Long version (including a bit of systemd ranting, excuse me for that):

(1)
Before systemd, an early init script would issue a mount -a call which
in turn mounted all file systems marked auto in /etc/fstab and only
returned when all possible mounts completed. A failed mount of a
single file system resulted in a failed mount but allowed the boot to
continue, which frequently resulted in a crippled system, but one that
could be logged into even from remote to fix things.

(2)
systemd's default behavior is to stop the boot process once a single
filesystem fails to mount, which needs (a) access to the console of
the system which might be time-consuming and expensive in the case of
a headless server in a datacenter and (b) the root password to fix
things, which might be hard to obtain. A lot of companies keep the
root passwords of the servers in a safe or divided between two people,
one of them at manager level, which need to be called up to get access
to the root password. In those situations, root access for the admins
is usually obtained with sudo after a normal login. Therefore, needing
the root password to handle a thing as simple as a failed mount is bad.

(3)
If the "nofail" option is set on the fstab entry, the hard dependency
of local-fs.target to, for example, var.mount is relaxed. While this
is frequently mistaken as what an admin wanting to get (1) behavior
back wants, it actually does make the system not even wait for the
mount to complete before the boot continues. In the /var case, this
leads to systemd-tmpfiles-setup.service creating /var/run/sshd on the
mount point, which is over-mounted by the actual /var a second later,
which in turn has the /var/run => /run symlink with /run/sshd missing,
resulting in a systemd that cannot be logged in to because sshd is
missing its privilege separation directory.

Since there is currently no way to take a decision other than (2) or
(3) short of moving /var to the root file system, ssh should be using
/run instead of /var/run in the first place.

Thanks for considering.

Greetings
Marc

--- End Message ---
--- Begin Message --- 
Source: openssh
Source-Version: 1:7.4p1-10

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 760422@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 30 Mar 2017 11:19:04 +0100
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.4p1-10
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 760422 856825 858252
Changes:
 openssh (1:7.4p1-10) unstable; urgency=medium
 .
   * Move privilege separation directory and PID file from /var/run/ to /run/
     (closes: #760422, #856825).
   * Unbreak Unix domain socket forwarding for root (closes: #858252).
Checksums-Sha1:
 249dad799d16aee313f13b1b1e2c227f861a81c5 2960 openssh_7.4p1-10.dsc
 abe321b456ce5ab16e4eaa458dc980a2dee0b04d 160804 openssh_7.4p1-10.debian.tar.xz
 a12997737c4b2ac6d7e77ec2b218d982b9f54861 13586 openssh_7.4p1-10_source.buildinfo
Checksums-Sha256:
 06c0e53e2a5e2027abd0ad0d94a6b4e689cd66d48716760355ff740d51860b3f 2960 openssh_7.4p1-10.dsc
 e6f5dd27d051f34b642439ddd03fc12d371168e7ea5afedcb2ee2f9fd436fe7c 160804 openssh_7.4p1-10.debian.tar.xz
 f417c8e960069165786ef6ced2223465bbd3746f4a244cf9af851cc6c34e2147 13586 openssh_7.4p1-10_source.buildinfo
Files:
 2d3786726a400b149bd9a09b400f9518 2960 net standard openssh_7.4p1-10.dsc
 8c2fc66bbb0c80907282ac0b372fdaa7 160804 net standard openssh_7.4p1-10.debian.tar.xz
 cab4f59f84101cc53c6736f2bc950d9e 13586 net standard openssh_7.4p1-10_source.buildinfo

-----BEGIN PGP SIGNATURE-----
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAljc6E4ACgkQOTWH2X2G
UAtH9A/+JoYiP4LlNYzuF+OCxEQqud7qa1Er0HimGvYN4XdpxFm2zNwUolEhNAb6
NKTADG6lf9OAFen8d3VQ/cpsD+Fs7acNFSzBjqiU6bPg0FTt5OxMvWJSD3O1TtXX
uTDyI7yj2Rccstd09ttNYaLrtuHFpv3SWRZIqNIQ4oftTMTrO2UMekRlx43VW/Tu
gorRFVeOAbmR1sShu0o/Nppj+OPnQgL/x3IiA+I2kDTEGmG1ey16ovjNMozBz6Nj
sWVGey3QLLWBT+YUvCljfB8mR65HSrc0XmeqAKIvMyqAZwHD+DqV0/tyhOWGb0Be
zmnuaZRjFWfviwqOu08MQxF1bbMaC3GmBr6rs46eQYXf6dRJh811/6ZSJakvR3HS
rTtXPRXU2B5gUoiQ/2Xlzbt2nnd9U16GwyqzibN2tgbGEbAGqSf/2hsurm90AxEu
6sSUGY5YpzFcnqOjGZi3C149PzgPgXqujHnmpEXPtbV+p3j5FUpF4N8Z0gRqbq1i
oW7yCGKLHQNeC8RvoeoBsVLo2rGGs9/k1abuMkm+ZyZna0MGimZNS1Wz7xmlN+bD
aehXf5YEylgv5YzJcd5wu/4lDo9SoKAzGiRc0d4ieT4OW4ds5Oh1vOIrDwz/bW/L
dHgIkBrYSuVjb5k2awGJarH3r4mpzTCYm5OuR+SgdyecFdJSnoo=
=8WxW
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: