author | Ben Lindstrom <mouring@eviladmin.org> | 2002-07-15 18:49:20 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-07-15 18:49:20 +0000 |
commit | 104c3feb6999556db85283a8ba7ac1f8c38b5609 (patch) | |
tree | 42a2b2d0d3e516c595f74b742ece297a1d63a9c6 | |
parent | 938b8285661f56181405b8c1637b31bf7b618de0 (diff) |
- (bal) Privsep user creation support in Solaris buildpkg.sh by
dtucker@zip.com.au
-rw-r--r-- | ChangeLog | 4 | ||||
-rwxr-xr-x | contrib/solaris/buildpkg.sh | 40 |
2 files changed, 43 insertions, 1 deletions
@@ -8,6 +8,8 @@ EVP_CIPH_CUSTOM_IV for our own rijndael - (bal) Remove unused tty defined in do_setusercontext() pointed out by dtucker@zip.com.au plus a a more KNF since I am near it. + - (bal) Privsep user creation support in Solaris buildpkg.sh by + dtucker@zip.com.au 20020714 - (tim) [Makefile.in] replace "id sshd" with "sshd -t" @@ -1372,4 +1374,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2369 2002/07/15 17:58:34 mouring Exp $ +$Id: ChangeLog,v 1.2370 2002/07/15 18:49:20 mouring Exp $ diff --git a/contrib/solaris/buildpkg.sh b/contrib/solaris/buildpkg.sh index 426db1f6..def325b8 100755 --- a/contrib/solaris/buildpkg.sh +++ b/contrib/solaris/buildpkg.sh @@ -98,6 +98,19 @@ do eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` done + +## Collect value of privsep user +for confvar in SSH_PRIVSEP_USER +do + eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h` +done + +## Set privsep defaults if not defined +if [ -z "$SSH_PRIVSEP_USER" ] +then + SSH_PRIVSEP_USER=sshd +fi + ## Extract common info requires for the 'info' part of the package. VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'` 
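Review bot: The new `eval` in the SSH_PRIVSEP_USER loop of buildpkg.sh runs whatever text awk pulls out of config.h as shell code. The pattern `/#define[ \t]SSH_PRIVSEP_USER/` is also only a prefix match, so any other macro whose name starts the same way would be printed and evaluated too. The eval appears to be there only to strip the C string quotes; an exact-match assignment does that without re-parsing the value: ``SSH_PRIVSEP_USER=`awk '$1 == "#define" && $2 == "SSH_PRIVSEP_USER" {print $3}' config.h | tr -d '"'` ``. The value is later expanded unquoted into the groupadd/useradd commands in the second hunk of this file, which look like part of a generated install script. It is therefore worth rejecting anything that is not a plain account name right after the default is applied, for example with a `case` test on `*[!A-Za-z0-9_-]*`.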
@@ -214,6 +227,33 @@ fi installf -f ${PKGNAME} +if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null +then + echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user" + echo "or group." +else + echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." + + # create group if required + if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null + then + echo "PrivSep group $SSH_PRIVSEP_USER already exists." + else + echo "Creating PrivSep group $SSH_PRIVSEP_USER." + groupadd $SSH_PRIVSEP_USER + fi + + # Create user if required + if cut -f1 -d: /etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null + then + echo "PrivSep user $SSH_PRIVSEP_USER already exists." + else + echo "Creating PrivSep user $SSH_PRIVSEP_USER." + useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER $SSH_PRIVSEP_USER + passwd -l $SSH_PRIVSEP_USER + fi +fi + [ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start exit 0 _EOF |
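Review bot: The `useradd` line creates the privilege-separation account without `-d`, so the account gets the system's default home directory rather than the empty, root-owned directory sshd uses for the privsep chroot. I would pass it explicitly, `useradd -c 'SSHD PrivSep User' -d /var/empty -s /bin/false -g $SSH_PRIVSEP_USER $SSH_PRIVSEP_USER`, substituting the configured privsep path if the build overrides the default. The exit status of `groupadd` and `useradd` is not checked either, so a failed `groupadd` still falls through to `useradd` and `passwd -l`, and the script then goes on to the init-script start line; each call should be tested and a failure reported to the installer. The existence tests read only /etc/group and /etc/passwd, so an account supplied by a name service would presumably be missed. The here-document these lines belong to begins outside the hunk.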