Patch: Solaris packages don't create privsep user or group
Jim Knoble
jmknoble at pobox.com
Wed Jul 17 05:52:38 EST 2002
Circa 2002-Jul-16 10:50:30 +1000 dixit Darren Tucker:
: Darren Tucker wrote:
: > Ben Lindstrom wrote:
: > > Hmm.. Does this work with JumpStart? Can you add users at install time?
: >
: > I didn't even consider that. We use jumpstart to build machines but
: > don't install sshd until after the first boot (ie not in the
: > finish_script). I'll try to dig up some spare hardware to try it.
:
: OK I can confirm that it does NOT work with Jumpstart. useradd and
: groupadd try to modify the read-only files on the jumpstart NFS image.
:
: Should we:
: (a) move them to the /etc/init.d/openssh script same as the keygens
: (b) attempt to hand-hack $PKG_INSTALL_ROOT/etc/passwd
: (c) chroot tricks?
: (d) ?
:
: I prefer (a).

My preference would be:

(d) Move them to an 'openssh-setup' script that does the following:

    - creates /var/empty if it doesn't exist
    - sets proper ownership and permissions on /var/empty
    - creates the privsep user/group using usual tools
    - if desired, turns on/off privsep in sshd_config
    - other optional post-install setup (such as creating a service
      directory for use with svscan/supervise/multilog from djb's
      daemontools package <http://cr.yp.to/daemontools.html>).

This is the only sane way to deal with post-install package
configuration. I've been using such a schema for some time to handle
post-install configuration both for homegrown Encap packages
<http://www.encap.org/> of OpenSSH on HP-UX, AIX, and Slolaris, and for
my homegrown RPM packages for various Linux flavors.

--
jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
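
The setup steps listed in the message above, sketched as an added example; it is not Jim Knoble's script and not code from the OpenSSH project, and it leaves out the optional daemontools step. The user/group name `sshd`, the path `/etc/ssh/sshd_config` and the `RUN` dry-run variable are assumptions of this sketch.

```sh
#!/bin/sh
# openssh-setup: added example of an idempotent post-install privsep setup.
# Assumed defaults (not from the thread): user/group "sshd", /etc/ssh/sshd_config.
# RUN is a hypothetical dry-run knob: RUN=echo prints privileged commands instead.
RUN=${RUN:-}
PRIVSEP_USER=${PRIVSEP_USER:-sshd}
PRIVSEP_GROUP=${PRIVSEP_GROUP:-sshd}
PRIVSEP_DIR=${PRIVSEP_DIR:-/var/empty}
SSHD_CONFIG=${SSHD_CONFIG:-/etc/ssh/sshd_config}

setup_privsep_dir() {
    [ -d "$PRIVSEP_DIR" ] || mkdir -p "$PRIVSEP_DIR" || return 1
    # sshd requires the chroot directory to be root-owned and not group/world-writable.
    $RUN chown root "$PRIVSEP_DIR" || return 1
    chmod 755 "$PRIVSEP_DIR"
}

ensure_group() {
    # Runs on the live system, so groupadd edits the real /etc/group.
    getent group "$PRIVSEP_GROUP" >/dev/null 2>&1 && return 0
    $RUN groupadd "$PRIVSEP_GROUP"
}

ensure_user() {
    getent passwd "$PRIVSEP_USER" >/dev/null 2>&1 && return 0
    # No login shell; home is the empty chroot directory.
    $RUN useradd -g "$PRIVSEP_GROUP" -c 'sshd privsep' \
        -d "$PRIVSEP_DIR" -s /bin/false "$PRIVSEP_USER"
}

set_privsep() {  # $1 = yes | no
    case "$1" in yes|no) ;; *) echo "usage: set_privsep yes|no" >&2; return 2 ;; esac
    [ -f "$SSHD_CONFIG" ] || return 1
    tmp="$SSHD_CONFIG.tmp.$$"
    # Put the directive first and drop any older (or commented-out) copies.
    { echo "UsePrivilegeSeparation $1"
      grep -v -i '^[#[:space:]]*UsePrivilegeSeparation[[:space:]]' "$SSHD_CONFIG" || :
    } > "$tmp"
    # cat keeps the original file's owner and mode.
    cat "$tmp" > "$SSHD_CONFIG" && rm -f "$tmp"
}

# Usage: openssh-setup apply [yes|no]
if [ "${1:-}" = apply ]; then
    setup_privsep_dir && ensure_group && ensure_user &&
        { [ -z "${2:-}" ] || set_privsep "$2"; }
fi
```

Run it as root on the booted system rather than from a JumpStart finish script, where `useradd` and `groupadd` would hit the read-only image described earlier in the thread.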