From 187db8e649641aa64dc49c29ea6bbeba1f7cabf7 Mon Sep 17 00:00:00 2001 From: Andrew Cady Date: Sun, 24 Oct 2021 04:58:30 -0400 Subject: comments and fiddling --- EndoForge/README.md | 19 +++++++++---------- EndoForge/openssh/AuthorizedKeysCommand | 5 +++++ EndoForge/openssh/run-sshd | 24 ++++++++++++++---------- 3 files changed, 28 insertions(+), 20 deletions(-) diff --git a/EndoForge/README.md b/EndoForge/README.md index 9abcabe..0b1a8dd 100644 --- a/EndoForge/README.md +++ b/EndoForge/README.md @@ -71,20 +71,19 @@ editing the system `OpenSSH` configuration. NON-ROOT INSTALLATION --------------------- -If sudo access is not available, you can install to a different -location: +A configuration is included for running OpenSSH from an unprivileged user +account. Try it like so: + ``` - make SSH_CONFIG_DIR=.config/ssh \ - SSHD_CONFIG_DIR=.config/ssh/config.d \ - SSH_LIB_DIR=.local/lib/ssh \ - install + cd EndoForge + make install + cd openssh + make run ``` -Then you will need to run `OpenSSH` on a non-default port (the default -port requires root access). - - +This launches a script that uses 'fakeroot' and to make OpenSSH think the +permissions are OK. diff --git a/EndoForge/openssh/AuthorizedKeysCommand b/EndoForge/openssh/AuthorizedKeysCommand index 063444e..0e6d285 100755 --- a/EndoForge/openssh/AuthorizedKeysCommand +++ b/EndoForge/openssh/AuthorizedKeysCommand @@ -1,4 +1,9 @@ #!/bin/sh +# Modified AuthorizedKeysCommand for running OpenSSH as unprivileged user. +# +# Uses the home directory of the calling user (ascertained through "id -un") +# instead of the authenticated user. + fingerprint=$3 authline="$4 $5" diff --git a/EndoForge/openssh/run-sshd b/EndoForge/openssh/run-sshd index 29615fb..20e82d8 100755 --- a/EndoForge/openssh/run-sshd +++ b/EndoForge/openssh/run-sshd 
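Review bot: The new header comment in AuthorizedKeysCommand says the calling user's home directory is used "instead of the authenticated user", but it does not state the consequence. As described, the login name sent by the client no longer selects whose keys are consulted, so every name is checked against the calling account's keys. I would add a line such as `# Only intended for an sshd that runs as, and logs in as, this one account.` and a line naming the arguments behind `$3`, `$4` and `$5`, which depend on the token order of the `AuthorizedKeysCommand` line in sshd_config. The script body continues outside the hunk, so this is inferred from the comment and the two visible assignments.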
@@ -1,4 +1,9 @@ #!/bin/sh +# Fix file ownership with fakeroot so that OpenSSH will run as a user. +# +# The ownership is not really changed on disk, but 'chmod go-w' might actually +# change permissions on disk. + case "$LD_PRELOAD" in libfakeroot-sysv.so) ;; '') exec fakeroot -- "$0" "$@" ;; @@ -7,20 +12,19 @@ esac fixperms() { - set -- - dirs=$HOME - p=$HOME - while [ "$p" != "${p%/*}" ] + set -- "$1" + local p="$1" oldp= + while [ "$p" != "$oldp" ] do - p=${p%/*} - dirs="$dirs $p/" + oldp=$p + p=${p%/*}/ + set -- "$@" "$p" done - - chown root:root $dirs - chmod go-w $dirs + chown root:root "$@" + chmod go-w "$@" } -fixperms +fixperms "$HOME"/.ssh PATH=/sbin:/usr/sbin:$PATH cmd="$(which sshd) $*" -- cgit v1.2.3
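Review bot: The rewritten loop in `fixperms` stops after a single step up. Because `p=${p%/*}/` re-appends the slash, the next `${p%/*}` strips only that slash, so for `"$HOME"/.ssh` the list becomes `.ssh`, `$HOME/` and `$HOME/` again, whereas the removed loop continued up to `/`. If covering only those two directories is intended, `set -- "$1" "${1%/*}/"` says so without a loop; if the walk to the root should remain, use `p=${p%/*}` with `set -- "$@" "${p:-/}"`. The path list matters because the header comment notes that `chmod go-w` may change real modes on disk. Separately, `local` is not part of POSIX sh although the script starts with `#!/bin/sh`.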