author: Damien Miller <djm@mindrot.org> 2006-03-15 11:35:54 +1100
committer: Damien Miller <djm@mindrot.org> 2006-03-15 11:35:54 +1100
commit: fd725cf585d0f9aca648f177df35265b6abc10e6
tree: e5834aeae76a9f7206e1809ae9e5dcf7d154cc44
parent: adc35b9583944203906ef1fd8b078316213e35d5
- jmc@cvs.openbsd.org 2006/02/19 19:52:10
[sshd.8] move the sshrc stuff out of FILES, and into its own section: FILES is not a good place to document how stuff works;
-rw-r--r-- ChangeLog 6
-rw-r--r-- sshd.8 95
2 files changed, 56 insertions, 45 deletions
diff --git a/ChangeLog b/ChangeLog
index 4c24cacc..27bdea89 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -119,6 +119,10 @@
- jmc@cvs.openbsd.org 2006/02/16 09:05:34
[sshd.8]
sync some of the FILES entries w/ ssh.1;
+ - jmc@cvs.openbsd.org 2006/02/19 19:52:10
+ [sshd.8]
+ move the sshrc stuff out of FILES, and into its own section:
+ FILES is not a good place to document how stuff works;
20060313
- (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)
@@ -4020,4 +4024,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.4173 2006/03/15 00:35:27 djm Exp $
+$Id: ChangeLog,v 1.4174 2006/03/15 00:35:54 djm Exp $
diff --git a/sshd.8 b/sshd.8
index 6d79f175..6df9d8aa 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.225 2006/02/16 09:05:34 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.226 2006/02/19 19:52:10 jmc Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -370,9 +370,54 @@ The
.Dq rc
files are given the X11
authentication protocol and cookie in standard input.
+See
+.Sx SSHRC ,
+below.
.It
Runs user's shell or command.
.El
+.Sh SSHRC
+If the file
+.Pa ~/.ssh/rc
+exists,
+.Xr sh 1
+runs it after reading the
+environment files but before starting the user's shell or command.
+It must not produce any output on stdout; stderr must be used
+instead.
+If X11 forwarding is in use, it will receive the "proto cookie" pair in
+its standard input (and
+.Ev DISPLAY
+in its environment).
+The script must call
+.Xr xauth 1
+because
+.Nm
+will not run xauth automatically to add X11 cookies.
+.Pp
+The primary purpose of this file is to run any initialization routines
+which may be needed before the user's home directory becomes
+accessible; AFS is a particular example of such an environment.
+.Pp
+This file will probably contain some initialization code followed by
+something similar to:
+.Bd -literal -offset 3n
+if read proto cookie && [ -n "$DISPLAY" ]; then
+ if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
+ # X11UseLocalhost=yes
+ echo add unix:`echo $DISPLAY |
+ cut -c11-` $proto $cookie
+ else
+ # X11UseLocalhost=no
+ echo add $DISPLAY $proto $cookie
+ fi | xauth -q -
+fi
+.Ed
+.Pp
+If this file does not exist,
+.Pa /etc/ssh/sshrc
+is run, and if that
+does not exist either, xauth is used to add the cookie.
.Sh AUTHORIZED_KEYS FILE FORMAT
.Cm AuthorizedKeysFile
specifies the file containing public keys for
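Review bot: the new SSHRC section explains that ~/.ssh/rc is run by sh(1) before the user's shell or command, but it says nothing about who may write the file; that requirement ("This file should be writable only by the user") stays behind in the FILES entry, so a reader who follows the new "See .Sx SSHRC" reference never sees it. Consider ending the section with that sentence or with a pointer back to FILES. Two smaller points in the same hunk: the moved sentence changed from "it is run with .Pa /bin/sh" to ".Xr sh 1 runs it", which drops the explicit interpreter path in a commit described as a move, and the sample script leaves $DISPLAY, $proto and $cookie unquoted in the test and in the echo lines, which would be worth quoting while the block is being touched.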
@@ -651,46 +696,8 @@ This file should be writable only by root/the owner and
can, but need not be, world-readable.
.Pp
.It ~/.ssh/rc
-If this file exists, it is run with
-.Pa /bin/sh
-after reading the
-environment files but before starting the user's shell or command.
-It must not produce any output on stdout; stderr must be used
-instead.
-If X11 forwarding is in use, it will receive the "proto cookie" pair in
-its standard input (and
-.Ev DISPLAY
-in its environment).
-The script must call
-.Xr xauth 1
-because
-.Nm
-will not run xauth automatically to add X11 cookies.
-.Pp
-The primary purpose of this file is to run any initialization routines
-which may be needed before the user's home directory becomes
-accessible; AFS is a particular example of such an environment.
-.Pp
-This file will probably contain some initialization code followed by
-something similar to:
-.Bd -literal
-if read proto cookie && [ -n "$DISPLAY" ]; then
- if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
- # X11UseLocalhost=yes
- echo add unix:`echo $DISPLAY |
- cut -c11-` $proto $cookie
- else
- # X11UseLocalhost=no
- echo add $DISPLAY $proto $cookie
- fi | xauth -q -
-fi
-.Ed
-.Pp
-If this file does not exist,
-.Pa /etc/ssh/sshrc
-is run, and if that
-does not exist either, xauth is used to add the cookie.
-.Pp
+Contains initialization routines to be run before
+the user's home directory becomes accessible.
This file should be writable only by the user, and need not be
readable by anyone else.
.Pp
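Review bot: the shortened ~/.ssh/rc entry in FILES no longer tells the reader where the behaviour is documented; the X11 step earlier in the page gained "See .Sx SSHRC , below." but this entry got no matching reference. Suggest adding a "See .Sx SSHRC" line after the new description. The new wording "Contains initialization routines to be run before the user's home directory becomes accessible" also states as the file's content what the SSHRC section calls only its "primary purpose"; phrasing it the same way would avoid implying that is the only use.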
@@ -802,9 +809,9 @@ The file format and configuration options are described in
.Xr sshd_config 5 .
.Pp
.It /etc/ssh/sshrc
-Like
-.Pa ~/.ssh/rc .
-This can be used to specify
+Similar to
+.Pa ~/.ssh/rc ,
+it can be used to specify
machine-specific login-time initializations globally.
This file should be writable only by root, and should be world-readable.
.Pp
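Review bot: "Similar to ~/.ssh/rc" in the /etc/ssh/sshrc entry leaves out the relationship the SSHRC section spells out, namely that this file is run only if ~/.ssh/rc does not exist. Suggest stating that here or adding a reference to .Sx SSHRC, since the entry now leans on a FILES description of ~/.ssh/rc that has been cut down to two lines.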