Patch: Solaris packages don't create privsep user or group

Darren Tucker dtucker at zip.com.au
Thu Jul 18 19:31:23 EST 2002


Tim Rice wrote:
> should be
>         if cut -f3 -d: ${PKG_INSTALL_ROOT}/etc/group | egrep '^'67'$' >/dev/null
>         then
>                 :
>         else
>                 sshdgid="-g 67"
>         fi
> Same for the /etc/passwd check.

Good point.

> I put a lot of work into being able to build/install a test package
> without touching important files on what may be a production system.

Is there any reason you don't use pkgadd -R for your testing instead?
(Assuming it's available on all supported SysV platforms). It would
allow you to simplify buildpkg and help ensure that Jumpstart installs
continue to work. You could also test and deploy the same packages
rather than rebuilding them.

See attachment for example scaffolding, tested on Solaris 7 only.

> The one that bothers me is that adding the user/group is not optional.
>
> I see a couple of options. Add a prompt to request or wrap groupadd/useradd
> around a test -z "${TEST_DIR}"
> 
> I'm leaning towards adding a prompt to request.
> Opinions?

As it stands the creation of the user and group are contingent on
privsep being enabled. If privsep is enabled and you want sshd to work
then having the user and group isn't optional.

I'd put it in /etc/init.d/opensshd.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
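#!/bin/sh
# Scaffolding for testing package installation into an alternate root
# with pkgadd -R, so the real system files are not touched.

testroot=/tmp/testinstall

# Start from a clean test root
rm -rf "$testroot"

mkdir -p "$testroot/etc/rc0.d" "$testroot/etc/rc1.d" "$testroot/etc/rc2.d" \
	"$testroot/etc/rcS.d" "$testroot/usr/sbin" "$testroot/usr/bin" "$testroot/etc"

# Empty account databases for the install scripts to check
touch "$testroot/etc/passwd" "$testroot/etc/group"

# Stand-in binary that only prints the command it was asked to run
cat >fake.c <<'EOD'
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv)
{
	int i;
	printf("Pretending to");
	for(i=0; i<argc; i++)
		printf(" %s", argv[i]);
	printf("\n");
	exit(0);
}
EOD

gcc -static -o fake fake.c

# Replace the account tools inside the test root with the stand-in
cp fake "$testroot/usr/bin/passwd"
cp fake "$testroot/usr/sbin/useradd"
cp fake "$testroot/usr/sbin/groupadd"

# Install the package relative to the test root
pkgadd -R "$testroot" -d OpenSSH*.pkg OpenSSH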
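
Added example, not part of the original post or of the OpenSSH packaging scripts: a sketch of the check discussed above, reading the account files under ${PKG_INSTALL_ROOT} with an anchored match on the id field and deciding whether the preferred id can be pinned. The helper names (field_has, plan_account, demo) and the account name "sshd" are assumptions; the id 67 is the one quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread's package scripts). Helper names and the
# account name "sshd" are assumptions; id 67 and PKG_INSTALL_ROOT come from the thread.

# field_has FILE FIELDNO VALUE: true if that colon-separated field equals VALUE
field_has() {
	cut -f"$2" -d: "$1" | grep "^$3\$" >/dev/null
}

# plan_account KIND NAME ID: print the creation command a postinstall script
# would need, or nothing when NAME already exists under the install root.
plan_account() {
	kind=$1 name=$2 id=$3
	root=${PKG_INSTALL_ROOT:-}
	case $kind in
		group) file=$root/etc/group  cmd=groupadd flag=-g ;;
		user)  file=$root/etc/passwd cmd=useradd  flag=-u ;;
		*) return 2 ;;
	esac
	[ -r "$file" ] || return 1
	# Already present by name: nothing to create.
	field_has "$file" 1 "$name" && return 0
	if field_has "$file" 3 "$id"; then
		echo "$cmd $name"            # preferred id taken: let the tool choose
	else
		echo "$cmd $flag $id $name"  # preferred id free: pin it
	fi
}

# demo: build a constructed alternate root and show the plan for each case.
demo() {
	PKG_INSTALL_ROOT=$(mktemp -d)
	mkdir -p "$PKG_INSTALL_ROOT/etc"
	printf 'root::0:\nstaff::10:\n' >"$PKG_INSTALL_ROOT/etc/group"
	printf 'root:x:0:0::/:/sbin/sh\nuucp:x:67:5::/:\n' >"$PKG_INSTALL_ROOT/etc/passwd"
	plan_account group sshd 67   # gid 67 unused in the constructed group file
	plan_account user sshd 67    # uid 67 already used in the constructed passwd file
	rm -rf "$PKG_INSTALL_ROOT"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument demo to see both cases against the constructed files; the anchored pattern keeps an id such as 670 from being mistaken for 67.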
