Re: openssh sshd user vs. group ???

On Wed, Jul 03, 2002 at 12:17:20AM -0500, Michael D. Schleif wrote:
> Derrick 'dman' Hudson wrote:
> > On Tue, Jul 02, 2002 at 11:07:57PM -0500, Michael D. Schleif wrote:
> > | According to the docs, supposing that I were to compile this by hand, I
> > | would need to create *both* an sshd user and an sshd group.
> > |
> > | Installing via apt-get, the sshd user is added; but, there is *NO* sshd
> > | group!
> ``When privsep is enabled, during the pre-authentication phase sshd will
> chroot(2) to "/var/empty" and change its privileges to the "sshd" user
> and its primary group.

"Its primary group" doesn't have to be called sshd. There's no
particular reason to create a separate group.

> The apt-get install process created that same sshd user; but, there is
> *NO* /home/sshd directory.

There's no reason why you should think from the documentation that
/home/sshd needs to exist either.

The Debian package is configured slightly differently from that
/var/empty recommendation in order to follow policy better. It uses
/var/run/sshd instead. Other than that there's no difference from the

Colin Watson                                  [cjwatson@flatline.org.uk]
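
Added example, not part of the message above or of the Debian package: a check that resolves the privsep user's primary group from its passwd entry, whatever that group happens to be called, and inspects the chroot directory. The sample passwd/group lines are constructed, the function names are hypothetical, and the directory checks (root-owned, not group- or world-writable, empty) are an assumption about good practice for a chroot target, not something stated in the thread.

```python
import os
import stat

# Constructed sample data in passwd(5)/group(5) format; not taken from the thread.
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\nsshd:x:100:65534::/var/run/sshd:/bin/false\n"
SAMPLE_GROUP = "root:x:0:\nnogroup:x:65534:\n"


def primary_group(passwd_text, group_text, user="sshd"):
    """Return (gid, name) of the user's primary group; name is None if the gid is unnamed."""
    gid = None
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[0] == user:
            gid = int(fields[3])  # 4th passwd field is the primary gid
            break
    if gid is None:
        raise LookupError(f"no passwd entry for {user}")
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == str(gid):
            return gid, fields[0]
    return gid, None


def check_privsep_dir(path, owner_uid=0):
    """Return a list of problems with the chroot directory; an empty list means it passed."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"{path} does not exist"]
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path} is not a directory"]
    problems = []
    if st.st_uid != owner_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {owner_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group- or world-writable")
    if os.listdir(path):
        problems.append("not empty")
    return problems


if __name__ == "__main__":
    print(primary_group(SAMPLE_PASSWD, SAMPLE_GROUP))
    print(check_privsep_dir("/var/run/sshd") or "privsep directory OK")
```

On a live system, pass the contents of /etc/passwd and /etc/group and the directory your build uses (/var/empty in the quoted documentation, /var/run/sshd in the Debian package).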

