Agent Socket Directory

Darren J Moffat Darren.Moffat at Sun.COM
Thu Mar 20 02:23:27 EST 2003


On Wed, 19 Mar 2003, Mark Janssen wrote:

> On Wed, 2003-03-19 at 06:04, imacat wrote:
> >     Is it possible to move agent sockets to directories other than /tmp?
> > For ex., move to /var/run/ssh?
> ...
> > PID files and sockets should always go to /var/run.  I understand that
> > it is not possible for an ordinary user to write to /var/run, but it is
> > possible to create a subdirectory under /var/run that has the permission
> > of 1777.  Besides, I hate to see a lot of annoying things in /tmp.  It
>
> Isn't that just moving the problem (to /var/run) and making it bigger in
> the process, since there will then be _another_ world writable
> directory, and in /var this time. I'd rather have only 1 world writable
> directory, /tmp, which I can put in its own filesystem.

Also the whole point of /var/run is that it is not world writeable and is
not intended for random user temp files and sync points.  /var/run is
intended for system services (system lock files, doors, AF_UNIX
sockets) not user stuff.

ssh-agent runs as the user, not as any privileged account.

-- 
Darren J Moffat




More information about the openssh-unix-dev mailing list