patch: contrib/redhat/openssh.spec updates for privsep
Pekka Savola
pekkas at netcore.fi
Tue May 7 07:03:20 EST 2002
Hello!
Now that PrivSep stuff works for PAM too, I took the time to update
contrib/redhat/openssh.spec to create the sshd user and set up the
/var/empty dir when installing the packages.
These have been done the Red Hat style, the uid/gid 74 is currently free
in RHL.
The only minor issues I could think of were:
- I'm not sure if /var/empty should be owned by openssh-server package,
but rather a filesystems package or such.. Is this even LSB compliant?
- do all of these 'useradd' options also work in some "ancient" versions
of RHL, like 5.2?
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
-------------- next part --------------
Index: openssh.spec
===================================================================
RCS file: /cvs/openssh/contrib/redhat/openssh.spec,v
retrieving revision 1.97
diff -u -r1.97 openssh.spec
--- openssh.spec 23 Apr 2002 11:17:18 -0000 1.97
+++ openssh.spec 6 May 2002 21:01:42 -0000
@@ -85,7 +85,7 @@
Summary: The OpenSSH server daemon.
Group: System Environment/Daemons
Obsoletes: ssh-server
-PreReq: openssh = %{version}-%{release}, chkconfig >= 0.9
+PreReq: openssh = %{version}-%{release}, chkconfig >= 0.9, /usr/sbin/useradd
%if %{redhat7}
Requires: /etc/pam.d/system-auth
%endif
@@ -202,6 +202,7 @@
DESTDIR=/ # Hack to disable key generation
+install -d $RPM_BUILD_ROOT/var/empty
install -d $RPM_BUILD_ROOT/etc/pam.d/
install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
@@ -238,6 +239,9 @@
/sbin/chkconfig --del sshd
fi
+%pre server
+/usr/sbin/useradd -c "sshd privilege separation user" -r -M -s /sbin/nologin -u 74 -d /var/empty sshd 2>/dev/null || :
+
%files
%defattr(-,root,root)
%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* RFC* TODO WARNING*
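Review bot: The `2>/dev/null || :` at the end of the useradd line in `%pre server` hides every failure, including the case where uid 74 or the name sshd already belongs to a different account, so the package installs cleanly and a missing or mismatched privilege separation user only surfaces later. Consider testing for the account first (for example with `id sshd`) and running useradd only when it is absent, without discarding stderr, so a real failure is visible in the install output. Also, only `-u 74` is pinned: the cover message speaks of uid/gid 74, but nothing here passes `-g` or creates the group, so the gid is left to useradd's defaults on the target system.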
@@ -271,6 +275,7 @@
%files server
%defattr(-,root,root)
+%attr(0755,root,root) /var/empty
%attr(0755,root,root) %{_sbindir}/sshd
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
%attr(0644,root,root) %{_mandir}/man8/sshd.8*
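Review bot: The new `%attr(0755,root,root) /var/empty` entry in `%files server` lists the directory without `%dir`, so rpm packages the directory together with anything that happens to sit under it in the build root. `%dir %attr(0755,root,root) /var/empty` would own just the directory itself, which fits a path that is meant to stay empty. The root:root ownership with no group or world write bit is appropriate for the directory the sshd account's home points at, and is worth stating in a comment so a later edit does not loosen it.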