author | Damien Miller <djm@mindrot.org> | 2002-06-22 00:48:02 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2002-06-22 00:48:02 +1000 |
commit | 828b1962141114df191013abe18e425e10df868d (patch) | |
tree | e5cb92751abc3403c45904dc8c76ff6aa4660361 | |
parent | 263d68fc567c831e1e16d5c49efb4964ed144f64 (diff) |
mention systems without mmap or MAP_ANON
-rw-r--r-- | README.privsep | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/README.privsep b/README.privsep index 79ea6278..6c798f3a 100644 --- a/README.privsep +++ b/README.privsep @@ -8,6 +8,10 @@ More information is available at: Privilege separation is now enabled by default; see the UsePrivilegeSeparation option in sshd_config(5). +On systems which lack mmap or anonymous (MAP_ANON) memory mapping, +compression must be disabled in order for privilege separation to +function. + When privsep is enabled, the pre-authentication sshd process will chroot(2) to "/var/empty" and change its privileges to the "sshd" user and its primary group. You should do something like the following to @@ -53,4 +57,4 @@ process 1005 is the sshd process listening for new connections. process 6917 is the privileged monitor process, 6919 is the user owned sshd process and 6921 is the shell process. -$Id: README.privsep,v 1.6 2002/06/21 14:45:50 djm Exp $ +$Id: README.privsep,v 1.7 2002/06/21 14:48:02 djm Exp $ |
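Review bot: the new paragraph in the first hunk says compression "must be disabled" on systems lacking mmap or MAP_ANON, but it does not say how to disable it. The sentence just above it points the reader to the UsePrivilegeSeparation option in sshd_config(5); the added text should be equally specific and name the configuration option or build-time setting that turns compression off. It would also help to state what an administrator will observe if compression is left enabled on such a system, so the failure can be recognised, and how to tell whether a given platform is affected. Without this, the likely workaround is to turn off privilege separation rather than compression, which loses the chroot(2) to "/var/empty" and the drop to the "sshd" user described in the following paragraph.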