Agent Socket Directory

imacat imacat at mail.imacat.idv.tw
Wed Mar 19 16:04:24 EST 2003


Dear All,

    Is it possible to move agent sockets to directories other than /tmp?
For ex., move to /var/run/ssh?

    I don't know if anyone has asked for this before.  I'm asking this
because according to the current FHS 2.2 (http://www.pathname.com/fhs/),
PID files and sockets should always go to /var/run.  I understand that
it is not possible for an ordinary user to write to /var/run, but it is
possible to create a subdirectory under /var/run that has the permission
of 1777.  Besides, I hate to see a lot of annoying things in /tmp.  It
affects my judgements on suspicious files hackers may create at /tmp.

    I know ssh-agent can set a custom socket location, but not sshd on
the target machine.  It is hardcoded in session.c.  Also ssh-agent's default
socket directory is also hardcoded.  It's troublesome to safely change
the socket location for all the users.  I have tried to make a patch
myself to change the socket directory to /var/run/ssh from the source,
but I don't think this is a good answer.  It should be set in ssh_config
and sshd_config, or at least when running configure.

    Is there a plan to set the socket directory a configurable option? 
Or is there any reason not to do this?

    As far as I can tell from the source, it uses a safe OpenBSD strlcpy()
to set the socket directory.  It should not be too hard to make it
configurable (although it may be strange to the users if the directory
is truncated due to system limit).  I can make a patch to configure.in
to do this, with a little time, but I don't know how to make it in the
configuration files ssh_config and sshd_config.  Is there any suggestion
from you developers?

    Thank you for your patience for this.

-- 
imacat ^_*'
imacat at mail.imacat.idv.tw
PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt

Tavern IMACAT's http://www.imacat.idv.tw/
Woman's Voice http://www.wov.idv.tw/
TLUG List Manager http://www.linux.org.tw/mailman/listinfo/tlug
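The post's argument rests on one safety property of a socket location: the parent directory (whether /tmp or a 1777 subdirectory of /var/run) must be sticky if it is world-writable, and the per-user socket directory must be owned by that user and be mode 0700, not a symlink. The script below is an added illustration of that check, written for this page and not code from the poster or from OpenSSH; it builds a constructed layout under a temporary directory that stands in for /var/run/ssh, so it runs without touching the real system paths.

```python
import os
import stat
import tempfile


def check_socket_dir(path, uid=None):
    """Return a list of problems with an agent socket directory layout.

    `path` is a per-user socket directory such as /tmp/ssh-XXXX or the
    hypothetical /var/run/ssh/agent-<uid>. Its parent must not be
    world-writable unless the sticky bit is set (mode 1777, like /tmp), and
    the per-user directory itself must be a real directory owned by `uid`
    with no group/other permission bits.
    """
    problems = []
    uid = os.getuid() if uid is None else uid
    parent = os.path.dirname(os.path.abspath(path))

    try:
        pst = os.lstat(parent)
    except FileNotFoundError:
        return [f"parent {parent} does not exist"]
    if not stat.S_ISDIR(pst.st_mode):
        problems.append(f"parent {parent} is not a directory")
    else:
        pmode = stat.S_IMODE(pst.st_mode)
        # A world-writable parent without the sticky bit lets any local user
        # rename or remove other users' socket directories.
        if pmode & stat.S_IWOTH and not pmode & stat.S_ISVTX:
            problems.append(f"parent {parent} is world-writable without sticky bit")
        if pst.st_uid not in (0, uid):
            problems.append(f"parent {parent} is owned by uid {pst.st_uid}")

    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return problems + [f"{path} does not exist"]
    if stat.S_ISLNK(st.st_mode):
        problems.append(f"{path} is a symlink")
    elif not stat.S_ISDIR(st.st_mode):
        problems.append(f"{path} is not a directory")
    else:
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid != uid:
            problems.append(f"{path} is owned by uid {st.st_uid}, expected {uid}")
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(f"{path} has mode {mode:04o}, expected 0700")
    return problems


def build_demo_layout():
    """Create a constructed example layout and return the three cases.

    The temp base plays the role of /var/run/ssh (or /tmp). Every path here
    is constructed for the demonstration; nothing is read from the system.
    """
    base = tempfile.mkdtemp(prefix="agent-demo-")
    os.chmod(base, 0o1777)  # sticky and world-writable, like /tmp

    good = os.path.join(base, f"agent-{os.getuid()}")
    os.mkdir(good)
    os.chmod(good, 0o700)  # explicit chmod: mkdir's mode is subject to umask

    loose = os.path.join(base, "agent-shared")
    os.mkdir(loose)
    os.chmod(loose, 0o777)  # any user may create or replace sockets here

    unsticky_base = tempfile.mkdtemp(prefix="agent-demo-unsticky-")
    os.chmod(unsticky_base, 0o777)  # world-writable but no sticky bit
    unsticky = os.path.join(unsticky_base, f"agent-{os.getuid()}")
    os.mkdir(unsticky)
    os.chmod(unsticky, 0o700)

    return {"good": good, "loose_mode": loose, "unsticky_parent": unsticky}


if __name__ == "__main__":
    for name, path in build_demo_layout().items():
        print(name, path, check_socket_dir(path) or "ok")
```

The same function can be pointed at a live `$SSH_AUTH_SOCK` by passing `os.path.dirname(os.environ["SSH_AUTH_SOCK"])`; a non-empty result means the socket sits somewhere another local user could tamper with, regardless of whether that somewhere is /tmp or a relocated directory under /var/run.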