authorDarren Tucker <dtucker@zip.com.au>2006-09-09 20:34:15 +1000
committerDarren Tucker <dtucker@zip.com.au>2006-09-09 20:34:15 +1000
commit19a66dbf4f929c0d9aa89af5b2282470cfb5726b (patch)
treee43bd194656f2ea900b922a17d8f3b93560b6688
parent08432d54faf63a2f5f9c264ac8ff6aa343ebeabc (diff)
downloadopenssh-git-19a66dbf4f929c0d9aa89af5b2282470cfb5726b.tar.gz
- (dtucker) [contrib/aix/buildbff.sh] Always create privsep user.
-rw-r--r--ChangeLog3
-rwxr-xr-xcontrib/aix/buildbff.sh44
2 files changed, 22 insertions, 25 deletions
diff --git a/ChangeLog b/ChangeLog
index ead33c85..5791ec25 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
20060909
- (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h.
+ - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user.
20060908
- (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch
@@ -5418,4 +5419,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.4538 2006/09/09 05:59:43 dtucker Exp $
+$Id: ChangeLog,v 1.4539 2006/09/09 10:34:15 dtucker Exp $
diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh
index 09b9c118..03f0d604 100755
--- a/contrib/aix/buildbff.sh
+++ b/contrib/aix/buildbff.sh
@@ -1,7 +1,7 @@
#!/bin/sh
#
# buildbff.sh: Create AIX SMIT-installable OpenSSH packages
-# $Id: buildbff.sh,v 1.8 2005/03/29 13:24:12 dtucker Exp $
+# $Id: buildbff.sh,v 1.9 2006/09/09 10:34:15 dtucker Exp $
#
# Author: Darren Tucker (dtucker at zip dot com dot au)
# This file is placed in the public domain and comes with absolutely
@@ -200,33 +200,29 @@ do
done
echo
-# Create PrivSep user if PrivSep not disabled in config
-echo Creating PrivSep prereqs if required.
-if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
+# Create PrivilegeSeparation user and group if not present
+echo Checking for PrivilegeSeparation user and group.
+if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
then
- echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user,"
- echo "group or chroot directory."
+ echo "PrivSep group $SSH_PRIVSEP_USER already exists."
else
- echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
-
- # create group if required
- if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
- then
- echo "PrivSep group $SSH_PRIVSEP_USER already exists."
- else
- echo "Creating PrivSep group $SSH_PRIVSEP_USER."
- mkgroup -A $SSH_PRIVSEP_USER
- fi
+ echo "Creating PrivSep group $SSH_PRIVSEP_USER."
+ mkgroup -A $SSH_PRIVSEP_USER
+fi
- # Create user if required
- if lsuser "$SSH_PRIVSEP_USER" >/dev/null
- then
- echo "PrivSep user $SSH_PRIVSEP_USER already exists."
- else
- echo "Creating PrivSep user $SSH_PRIVSEP_USER."
- mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
- fi
+# Create user if required
+if lsuser "$SSH_PRIVSEP_USER" >/dev/null
+then
+ echo "PrivSep user $SSH_PRIVSEP_USER already exists."
+else
+ echo "Creating PrivSep user $SSH_PRIVSEP_USER."
+ mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
+fi
+if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
+then
+ echo UsePrivilegeSeparation not enabled, privsep directory not required.
+else
# create chroot directory if required
if [ -d $PRIVSEP_PATH ]
then
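Review bot: The exit status of `mkgroup` and `mkuser` in the two "Creating PrivSep ..." branches is never checked, so a failed creation is followed by the remaining steps as if it had succeeded, and sshd would presumably be left without the unprivileged account that privilege separation relies on. Now that the account is created regardless of the config, a failure deserves an explicit message, e.g. `mkgroup -A $SSH_PRIVSEP_USER || echo "WARNING: could not create PrivSep group $SSH_PRIVSEP_USER" >&2`, and the same after `mkuser`. The "already exists" branch of the `lsuser` test also accepts any existing account of that name without confirming that it is locked and has login disabled. A comment stating that assumption, or a check along the lines of `lsuser -a account_locked login rlogin "$SSH_PRIVSEP_USER"`, would make it visible to whoever installs the package. The `if`/`else` opened at the UsePrivilegeSeparation test continues past the end of this hunk.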