Re: openssh sshd user vs. group ???
Colin Watson wrote:
>
> On Wed, Jul 03, 2002 at 12:17:20AM -0500, Michael D. Schleif wrote:
> > Derrick 'dman' Hudson wrote:
> > > On Tue, Jul 02, 2002 at 11:07:57PM -0500, Michael D. Schleif wrote:
> > > | According to the docs, supposing that I were to compile this by hand, I
> > > | would need to create *both* an sshd user and an sshd group.
> > > |
> > > | Installing via apt-get, the sshd user is added; but, there is *NO* sshd
> > > | group!
> [...]
> > ``When privsep is enabled, during the pre-authentication phase sshd will
> > chroot(2) to "/var/empty" and change its privileges to the "sshd" user
> > and its primary group.
>
> "Its primary group" doesn't have to be called sshd. There's no
> particular reason to create a separate group.

Other than the source documentation; and, of course, lack of
distribution documentation on this point . . .

> > The apt-get install process created that same sshd user; but, there is
> > *NO* /home/sshd directory.
>
> There's no reason why you should think from the documentation that
> /home/sshd needs to exist either.

Since I do *NOT* have the Makefile used to compile the distribution, I
cannot know much about the distribution compile -- hence, I ask leading
questions ;>

> The Debian package is configured slightly differently from that
> /var/empty recommendation in order to follow policy better. It uses
> /var/run/sshd instead. Other than that there's no difference from the
> documentation.

In fact, why not make /var/run/sshd home directory for sshd user? That
way, those of us who are really slow might eventually catch up on this
at our own pace ;>

OK, yes, I do understand both the TIMTOWTDI arguments and yours.

I know what the README.privsep doc says, because I needed to build ssh
for our embedded application and I read the source documentation.

I also know that the source provides an sshd.8 manpage that includes,
among else, this:

     /var/empty
             chroot(2) directory used by sshd during privilege separation in
             the pre-authentication phase. The directory should not contain
             any files and must be owned by root and not group or world-
             writable.

What I do find, except for this very thread, is:

[a] debian *NOT* following the source documentation;
[b] *NO* /var/empty nor /home/sshd directories;
[c] *NO* debian documentation publishing these deviations from source
instructions;
[d] debian documentation deviates from source documentation, including
manpages; and
[e] *NO* debian documentation demonstrating that these changes achieve
same goals as source distribution.

Notice, I am *NOT* attempting to be critical here! Yes, now that you
mention it, I do find this in sshd.8:

     /var/run/sshd
             chroot(2) directory used by sshd during privilege separation in
             the pre-authentication phase. The directory should not contain
             any files and must be owned by root and not group or world-
             writable.

For whatever reason, my eyeballs skipped from /etc/moduli to
/var/run/sshd.pid under FILES section.

We depend on ssh to facilitate highest possible security for our
systems! Deviations from what *IS* documented cast doubt -- at least,
from my perspective.

Of course, that is why I have posted this in the first place ;>

Now, I do understand. Nevertheless, I think that debian could make such
things clearer at the outset, rather than prompting me to doubt and
question -- or, perhaps, I am just daft ;>

What do you think?

--
Best Regards,
mds
mds resource
888.250.3987
Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much we
think we know. The more I know, the more I know I don't know . . .
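
The requirements quoted from sshd.8 in the message above (privsep chroot directory empty, owned by root, not group or world-writable), as an added example that is not part of the original message and is not OpenSSH or Debian code: a Python check that can be pointed at either /var/empty or /var/run/sshd, plus a lookup of the sshd user's primary group whatever it is called. The function names and the `owner_uid` parameter are assumptions of this example.

```python
import grp
import os
import pwd
import stat


def check_privsep_dir(path, owner_uid=0):
    """Return a list of problems with a privsep chroot directory ([] means OK)."""
    try:
        st = os.lstat(path)  # lstat: a symlink at the final component is not accepted
    except FileNotFoundError:
        return [f"{path}: does not exist"]
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path}: not a directory"]
    problems = []
    if st.st_uid != owner_uid:
        problems.append(f"{path}: owned by uid {st.st_uid}, expected {owner_uid}")
    if st.st_mode & stat.S_IWGRP:
        problems.append(f"{path}: group-writable")
    if st.st_mode & stat.S_IWOTH:
        problems.append(f"{path}: world-writable")
    try:
        if os.listdir(path):
            problems.append(f"{path}: not empty")
    except PermissionError:
        problems.append(f"{path}: cannot list contents (run as root)")
    return problems


def primary_group(user):
    """Name of the user's primary group, or None if the user or group is unknown."""
    try:
        return grp.getgrgid(pwd.getpwnam(user).pw_gid).gr_name
    except KeyError:
        return None


if __name__ == "__main__":
    # Paths named in the thread: the upstream default and the Debian package's choice.
    for d in ("/var/empty", "/var/run/sshd"):
        for line in check_privsep_dir(d) or [f"{d}: OK"]:
            print(line)
    print("sshd primary group:", primary_group("sshd"))
```
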