making openssh work with chroot()'ed accounts?
James Ralston
qralston+ml.openssh-unix-dev at andrew.cmu.edu
Tue Sep 18 10:00:49 EST 2001
On Mon, 17 Sep 2001 mouring at etoh.eviladmin.org wrote:
> Yes. Maintaining such machinery [replicated programs/libraries for
> chroot'ed directory structures] is nasty, IMHO.. =) But I tend to
> deploy chroot() sparingly.
To some degree, I agree, but IMO it's a small price to pay for being
able to run something in a chroot() environment.
> Sorry, I will not claim to understand PAM in some respects. I know
> that PAM does not always act the same on every platform (Seems HP/UX
> vs Solaris to be the major warring parties. =).
Well, let me ask this: do you approve of this method?
I don't think it will be too difficult to patch sshd to always use
do_pam_session, and do it appropriately (famous last words, I know).
It might work, it might not; I'll have to test it to see.
But if the patch *does* work, I'd rather see it (eventually) get
accepted back into the distribution. Having "unofficial" patches
floating around for a software package is a pain for all involved...
--
James Ralston, Information Technology
Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA, USA