- (bal) Privsep user creation support in Solaris buildpkg.sh by

dtucker@zip.com.au
Ben Lindstrom 2002-07-15 18:49:20 +00:00
parent 938b828566
commit 104c3feb69
2 changed files with 43 additions and 1 deletions


@ -8,6 +8,8 @@
EVP_CIPH_CUSTOM_IV for our own rijndael
- (bal) Remove unused tty defined in do_setusercontext() pointed out by
dtucker@zip.com.au plus a a more KNF since I am near it.
- (bal) Privsep user creation support in Solaris buildpkg.sh by
dtucker@zip.com.au
20020714
- (tim) [Makefile.in] replace "id sshd" with "sshd -t"
@ -1372,4 +1374,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
$Id: ChangeLog,v 1.2369 2002/07/15 17:58:34 mouring Exp $
$Id: ChangeLog,v 1.2370 2002/07/15 18:49:20 mouring Exp $


@ -98,6 +98,19 @@ do
eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
done
## Collect value of privsep user
for confvar in SSH_PRIVSEP_USER
do
eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
done
## Set privsep defaults if not defined
if [ -z "$SSH_PRIVSEP_USER" ]
then
SSH_PRIVSEP_USER=sshd
fi
## Extract common info requires for the 'info' part of the package.
VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'`
@ -214,6 +227,33 @@ fi
installf -f ${PKGNAME}
if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
then
echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
echo "or group."
else
echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
# create group if required
if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
then
echo "PrivSep group $SSH_PRIVSEP_USER already exists."
else
echo "Creating PrivSep group $SSH_PRIVSEP_USER."
groupadd $SSH_PRIVSEP_USER
fi
# Create user if required
if cut -f1 -d: /etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
then
echo "PrivSep user $SSH_PRIVSEP_USER already exists."
else
echo "Creating PrivSep user $SSH_PRIVSEP_USER."
useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
passwd -l $SSH_PRIVSEP_USER
fi
fi
[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
exit 0
_EOF
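Review bot: The `groupadd`, `useradd` and `passwd -l` calls added to the generated postinstall script ignore their exit status, so a failed group or account creation still falls through to the init script start and `exit 0`; testing each one, for example `groupadd $SSH_PRIVSEP_USER || echo "groupadd failed" >&2`, would surface the failure at install time instead of when sshd later refuses to start. The `useradd` line also passes no `-d`, so the account's home field takes the system default rather than the empty privsep directory (conventionally `/var/empty`, assuming that is what this build was configured with). In the `UsePrivilegeSeparation` check, `[ \t]` inside an egrep bracket expression matches a backslash or the letter `t`, not a tab, and the match is case-sensitive, so a tab-separated or lower-case `UsePrivilegeSeparation no` is not recognised and the user is created anyway. The heredoc that holds these lines opens outside the hunk, so the quoting of `$SSH_PRIVSEP_USER` and `\$` is read here on the assumption that the delimiter is unquoted.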