Default path to identity file
Christian Pfaffel
flash at itp.tu-graz.ac.at
Thu Aug 26 16:59:16 EST 2004
"Robert Dahlem" <Robert.Dahlem at gmx.net> writes:
> On Wed, 25 Aug 2004 09:47:02 -0500 (CDT), Ben Lindstrom wrote:
>
> >> Identity files are always expanded by tilde_expand_filename() which
> >> gets the name of the home directory from getpwuid(my_uid)->pw_dir.
> >>
> >> This is not what I expect (well, hope :-) when my UID is 0 but I'm not
> >> root.
>
> >It's in bad form to have more than one UID 0 account. Heck any duplicate
> >UID in general. A lot of software can't correctly identify which users
> >and thus it will assume the first one found in a linear search of the
> >password file.
>
> Tell the suits. :-( Requirement is to not administrate as root but under
> an account for the use of one single named person. There is a German
> saying "vom Regen in die Traufe kommen", which dict.leo.org translates to
> "out of the frying pan into the fire". You get it?
>
> Regards,
> Robert
>
If you feel lucky you could try to code something like that for ssh.c:

    char *logname;
    logname = getlogin();

Change the calls in load_public_identity_files(void) from
tilde_expand_filename() to tilde_expand_filename(...,original_real_uid,logname).

Hack tilde_expand to use getpwnam() instead of getpwuid() if
original_real_uid = 0.

I would not do that though. Maybe it is just simpler/safer (see
getlogin(3)) to talk the suits into adjusting their policy.
regards,
Christian
--
Christian Pfaffel <flash at itp.tu-graz.ac.at>
Technische Universität Graz Telefon: +43 / 316 / 873 - 81 90
Institut für Theoretische Physik Telefax: +43 / 316 / 873 - 86 78
Petersgasse 16, A-8010 Graz http://fubphpc.tu-graz.ac.at/~flash/pubkey.gpg
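
Added example, not part of the original message and not OpenSSH code: the lookup difference discussed in this thread, run over a constructed passwd(5)-format sample instead of the system database. The names lookup_home, home_by_uid and home_by_login and the account admin1 are hypothetical; the name-based lookup accepts an entry only when its UID also matches the caller's, so a wrong login name cannot select another UID's home directory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed passwd(5)-format sample: "root" and "admin1" share UID 0. */
static const char *SAMPLE_PASSWD =
    "root:x:0:0:root:/root:/bin/sh\n"
    "admin1:x:0:0:Named admin:/home/admin1:/bin/sh\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/sh\n";

/* Hypothetical helper. name == NULL: first entry with this UID (linear search).
 * Otherwise: the entry with this name, accepted only if its UID equals uid. */
static int lookup_home(const char *db, const char *name, long uid,
                       char *home, size_t homelen)
{
    for (const char *line = db; *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[512], *f[7], *p = buf, *end = buf;
        int nf = 0;
        if (len < sizeof buf) {
            memcpy(buf, line, len);
            buf[len] = '\0';
            while (nf < 7) {            /* split on ':', keep empty fields */
                f[nf++] = p;
                if ((p = strchr(p, ':')) == NULL) break;
                *p++ = '\0';
            }
            if (nf == 7 && strtol(f[2], &end, 10) == uid && end != f[2] &&
                *end == '\0' && (name == NULL || strcmp(f[0], name) == 0) &&
                strlen(f[5]) < homelen) {
                strcpy(home, f[5]);
                return 0;               /* home directory copied out */
            }
        }
        line += len + (eol ? 1 : 0);
    }
    return -1;                          /* no acceptable entry */
}
int home_by_uid(long uid, char *home, size_t n)
{ return lookup_home(SAMPLE_PASSWD, NULL, uid, home, n); }
int home_by_login(const char *login, long uid, char *home, size_t n)
{ return lookup_home(SAMPLE_PASSWD, login, uid, home, n); }

int main(void)
{
    char h[256] = "";
    printf("uid 0 alone   -> %s\n", home_by_uid(0, h, sizeof h) ? "none" : h);
    printf("admin1, uid 0 -> %s\n", home_by_login("admin1", 0, h, sizeof h) ? "none" : h);
    printf("alice, uid 0  -> %s\n", home_by_login("alice", 0, h, sizeof h) ? "rejected" : h);
}
```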