comments and fiddling

author: Andrew Cady <d@cryptonomic.net> 2021-10-24 04:58:30 -0400
committer: Andrew Cady <d@cryptonomic.net> 2021-10-24 05:48:56 -0400
commit: 187db8e649641aa64dc49c29ea6bbeba1f7cabf7 (patch)
tree: 7d4795161361f4bebe7d5d29dc111f77c1956728
parent: 82724b1955cb39fde0d920e3de7a61574502f56a (diff)
3 files changed, 28 insertions, 20 deletions
diff --git a/EndoForge/README.md b/EndoForge/README.md
index 9abcabe..0b1a8dd 100644
--- a/EndoForge/README.md
+++ b/EndoForge/README.md
@@ -71,20 +71,19 @@ editing the system `OpenSSH` configuration.
 NON-ROOT INSTALLATION
 ---------------------
-If sudo access is not available, you can install to a different
+A configuration is included for running OpenSSH from an unprivileged user
-location:
+account.  Try it like so:
 ```
-  make SSH_CONFIG_DIR=.config/ssh \
+  cd EndoForge
-       SSHD_CONFIG_DIR=.config/ssh/config.d \
+  make install
-       SSH_LIB_DIR=.local/lib/ssh \
+  cd openssh
-       install
+  make run
 ```
-Then you will need to run `OpenSSH` on a non-default port (the default
+This launches a script that uses 'fakeroot' and to make OpenSSH think the
-port requires root access).
+permissions are OK.
diff --git a/EndoForge/openssh/AuthorizedKeysCommand b/EndoForge/openssh/AuthorizedKeysCommand
index 063444e..0e6d285 100755
--- a/EndoForge/openssh/AuthorizedKeysCommand
+++ b/EndoForge/openssh/AuthorizedKeysCommand
@@ -1,4 +1,9 @@
 #!/bin/sh
+# Modified AuthorizedKeysCommand for running OpenSSH as unprivileged user.
+#
+# Uses the home directory of the calling user (ascertained through "id -un")
+# instead of the authenticated user.
 fingerprint=$3
 authline="$4 $5"
diff --git a/EndoForge/openssh/run-sshd b/EndoForge/openssh/run-sshd
index 29615fb..20e82d8 100755
--- a/EndoForge/openssh/run-sshd
+++ b/EndoForge/openssh/run-sshd
@@ -1,4 +1,9 @@
 #!/bin/sh
+# Fix file ownership with fakeroot so that OpenSSH will run as a user.
+#
+# The ownership is not really changed on disk, but 'chmod go-w' might actually
+# change permissions on disk.
 case "$LD_PRELOAD" in
    libfakeroot-sysv.so) ;;
    '') exec fakeroot -- "$0" "$@" ;;
@@ -7,20 +12,19 @@ esac
 fixperms()
 {
-    set --
+    set -- "$1"
-    dirs=$HOME
+    local p="$1" oldp=
-    p=$HOME
+    while [ "$p" != "$oldp" ]
-    while [ "$p" != "${p%/*}" ]
    do
-        p=${p%/*}
+        oldp=$p
-        dirs="$dirs $p/"
+        p=${p%/*}/
+        set -- "$@" "$p"
    done
+    chown root:root "$@"
-    chown root:root $dirs
+    chmod go-w "$@"
-    chmod go-w $dirs
 }
-fixperms
+fixperms "$HOME"/.ssh
 PATH=/sbin:/usr/sbin:$PATH
 cmd="$(which sshd) $*"
author	Andrew Cady <d@cryptonomic.net>	2021-10-24 04:58:30 -0400
committer	Andrew Cady <d@cryptonomic.net>	2021-10-24 05:48:56 -0400
commit	187db8e649641aa64dc49c29ea6bbeba1f7cabf7 (patch)
tree	7d4795161361f4bebe7d5d29dc111f77c1956728
parent	82724b1955cb39fde0d920e3de7a61574502f56a (diff)

diff --git a/EndoForge/README.md b/EndoForge/README.md index 9abcabe..0b1a8dd 100644 --- a/EndoForge/README.md +++ b/EndoForge/README.md
@@ -71,20 +71,19 @@ editing the system `OpenSSH` configuration.
71	NON-ROOT INSTALLATION	71	NON-ROOT INSTALLATION
72	---------------------	72	---------------------
73		73
74	If sudo access is not available, you can install to a different	74	A configuration is included for running OpenSSH from an unprivileged user
75	location:	75	account. Try it like so:
		76
76		77
77	```	78	```
78	make SSH_CONFIG_DIR=.config/ssh \	79	cd EndoForge
79	SSHD_CONFIG_DIR=.config/ssh/config.d \	80	make install
80	SSH_LIB_DIR=.local/lib/ssh \	81	cd openssh
81	install	82	make run
82	```	83	```
83		84
84	Then you will need to run `OpenSSH` on a non-default port (the default	85	This launches a script that uses 'fakeroot' and to make OpenSSH think the
85	port requires root access).	86	permissions are OK.
86
87
88		87
89		88
90		89


diff --git a/EndoForge/openssh/AuthorizedKeysCommand b/EndoForge/openssh/AuthorizedKeysCommand index 063444e..0e6d285 100755 --- a/EndoForge/openssh/AuthorizedKeysCommand +++ b/EndoForge/openssh/AuthorizedKeysCommand
@@ -1,4 +1,9 @@
1	#!/bin/sh	1	#!/bin/sh
		2	# Modified AuthorizedKeysCommand for running OpenSSH as unprivileged user.
		3	#
		4	# Uses the home directory of the calling user (ascertained through "id -un")
		5	# instead of the authenticated user.
		6
2	fingerprint=$3	7	fingerprint=$3
3	authline="$4 $5"	8	authline="$4 $5"
4		9


diff --git a/EndoForge/openssh/run-sshd b/EndoForge/openssh/run-sshd index 29615fb..20e82d8 100755 --- a/EndoForge/openssh/run-sshd +++ b/EndoForge/openssh/run-sshd
@@ -1,4 +1,9 @@
1	#!/bin/sh	1	#!/bin/sh
		2	# Fix file ownership with fakeroot so that OpenSSH will run as a user.
		3	#
		4	# The ownership is not really changed on disk, but 'chmod go-w' might actually
		5	# change permissions on disk.
		6
2	case "$LD_PRELOAD" in	7	case "$LD_PRELOAD" in
3	libfakeroot-sysv.so) ;;	8	libfakeroot-sysv.so) ;;
4	'') exec fakeroot -- "$0" "$@" ;;	9	'') exec fakeroot -- "$0" "$@" ;;
@@ -7,20 +12,19 @@ esac
7		12
8	fixperms()	13	fixperms()
9	{	14	{
10	set --	15	set -- "$1"
11	dirs=$HOME	16	local p="$1" oldp=
12	p=$HOME	17	while [ "$p" != "$oldp" ]
13	while [ "$p" != "${p%/*}" ]
14	do	18	do
15	p=${p%/*}	19	oldp=$p
16	dirs="$dirs $p/"	20	p=${p%/*}/
		21	set -- "$@" "$p"
17	done	22	done
18		23	chown root:root "$@"
19	chown root:root $dirs	24	chmod go-w "$@"
20	chmod go-w $dirs
21	}	25	}
22		26
23	fixperms	27	fixperms "$HOME"/.ssh
24		28
25	PATH=/sbin:/usr/sbin:$PATH	29	PATH=/sbin:/usr/sbin:$PATH
26	cmd="$(which sshd) $*"	30	cmd="$(which sshd) $*"