author | Darren Tucker <dtucker@zip.com.au> | 2006-09-09 20:34:15 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2006-09-09 20:34:15 +1000 |
commit | 19a66dbf4f929c0d9aa89af5b2282470cfb5726b (patch) | |
tree | e43bd194656f2ea900b922a17d8f3b93560b6688 /contrib | |
parent | 08432d54faf63a2f5f9c264ac8ff6aa343ebeabc (diff) |
- (dtucker) [contrib/aix/buildbff.sh] Always create privsep user.
Diffstat (limited to 'contrib')
-rwxr-xr-x | contrib/aix/buildbff.sh | 44 |
1 files changed, 20 insertions, 24 deletions
diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh
index 09b9c118..03f0d604 100755
--- a/contrib/aix/buildbff.sh
+++ b/contrib/aix/buildbff.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 #
 # buildbff.sh: Create AIX SMIT-installable OpenSSH packages
-# $Id: buildbff.sh,v 1.8 2005/03/29 13:24:12 dtucker Exp $
+# $Id: buildbff.sh,v 1.9 2006/09/09 10:34:15 dtucker Exp $
 #
 # Author: Darren Tucker (dtucker at zip dot com dot au)
 # This file is placed in the public domain and comes with absolutely
@@ -200,33 +200,29 @@ do
 done
 echo
-# Create PrivSep user if PrivSep not disabled in config
-echo Creating PrivSep prereqs if required.
-if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
+# Create PrivilegeSeparation user and group if not present
+echo Checking for PrivilegeSeparation user and group.
+if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
 then
- echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user,"
- echo "group or chroot directory."
+ echo "PrivSep group $SSH_PRIVSEP_USER already exists."
 else
- echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
-
- # create group if required
- if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
- then
- echo "PrivSep group $SSH_PRIVSEP_USER already exists."
- else
- echo "Creating PrivSep group $SSH_PRIVSEP_USER."
- mkgroup -A $SSH_PRIVSEP_USER
- fi
+ echo "Creating PrivSep group $SSH_PRIVSEP_USER."
+ mkgroup -A $SSH_PRIVSEP_USER
+fi
- # Create user if required
- if lsuser "$SSH_PRIVSEP_USER" >/dev/null
- then
- echo "PrivSep user $SSH_PRIVSEP_USER already exists."
- else
- echo "Creating PrivSep user $SSH_PRIVSEP_USER."
- mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
- fi
+# Create user if required
+if lsuser "$SSH_PRIVSEP_USER" >/dev/null
+then
+ echo "PrivSep user $SSH_PRIVSEP_USER already exists."
+else
+ echo "Creating PrivSep user $SSH_PRIVSEP_USER."
+ mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
+fi
+if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
+then
+ echo UsePrivilegeSeparation not enabled, privsep directory not required.
+else
 # create chroot directory if required
 if [ -d $PRIVSEP_PATH ]
 then
|
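Review bot: The `mkgroup` and `mkuser` calls in the two `else` branches are not checked for failure, so now that the account is created unconditionally an install can finish without a privsep user and the problem will probably only show up when sshd is started. A visible warning would help, e.g. `mkuser ... $SSH_PRIVSEP_USER || echo "WARNING: could not create PrivSep user $SSH_PRIVSEP_USER" >&2`, and the same after `mkgroup -A $SSH_PRIVSEP_USER`. The "already exists" branch also accepts a pre-existing account as it is; since this user is meant to be locked and unable to log in, consider checking it with `lsuser -a account_locked login rlogin "$SSH_PRIVSEP_USER"` and warning when the attributes differ from what `mkuser` would have set. The final `if`/`else` is closed outside the hunk, and the `\$` in the egrep pattern suggests this text sits inside a here-document, so any added quoting has to follow that context.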