- (dtucker) [contrib/aix/buildbff.sh] Always create privsep user.

author: Darren Tucker <dtucker@zip.com.au> 2006-09-09 20:34:15 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2006-09-09 20:34:15 +1000
commit: 19a66dbf4f929c0d9aa89af5b2282470cfb5726b (patch)
tree: e43bd194656f2ea900b922a17d8f3b93560b6688
parent: 08432d54faf63a2f5f9c264ac8ff6aa343ebeabc (diff)
2 files changed, 22 insertions, 25 deletions
diff --git a/ChangeLog b/ChangeLog
index ead33c85b..5791ec255 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 20060909
 - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h.
+ - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user.
 20060908
 - (dtucker) [auth-sia.c] Add includes required for build on Tru64.  Patch
@@ -5418,4 +5419,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.4538 2006/09/09 05:59:43 dtucker Exp $
+$Id: ChangeLog,v 1.4539 2006/09/09 10:34:15 dtucker Exp $
diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh
index 09b9c118c..03f0d6048 100755
--- a/contrib/aix/buildbff.sh
+++ b/contrib/aix/buildbff.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 #
 # buildbff.sh: Create AIX SMIT-installable OpenSSH packages
-# $Id: buildbff.sh,v 1.8 2005/03/29 13:24:12 dtucker Exp $
+# $Id: buildbff.sh,v 1.9 2006/09/09 10:34:15 dtucker Exp $
 #
 # Author: Darren Tucker (dtucker at zip dot com dot au)
 # This file is placed in the public domain and comes with absolutely
@@ -200,33 +200,29 @@ do
 done
 echo
-# Create PrivSep user if PrivSep not disabled in config
+# Create PrivilegeSeparation user and group if not present
-echo Creating PrivSep prereqs if required.
+echo Checking for PrivilegeSeparation user and group.
-if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
+if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
 then
-        echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user,"
+        echo "PrivSep group $SSH_PRIVSEP_USER already exists."
-        echo "group or chroot directory."
 else
-        echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
+        echo "Creating PrivSep group $SSH_PRIVSEP_USER."
+        mkgroup -A $SSH_PRIVSEP_USER
-        # create group if required
+fi
-        if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
-        then
-                echo "PrivSep group $SSH_PRIVSEP_USER already exists."
-        else
-                echo "Creating PrivSep group $SSH_PRIVSEP_USER."
-                mkgroup -A $SSH_PRIVSEP_USER
-        fi
-        # Create user if required
+# Create user if required
-        if lsuser "$SSH_PRIVSEP_USER" >/dev/null
+if lsuser "$SSH_PRIVSEP_USER" >/dev/null
-        then
+then
-                echo "PrivSep user $SSH_PRIVSEP_USER already exists."
+        echo "PrivSep user $SSH_PRIVSEP_USER already exists."
-        else
+else
-                echo "Creating PrivSep user $SSH_PRIVSEP_USER."
+        echo "Creating PrivSep user $SSH_PRIVSEP_USER."
-                mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
+        mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
-        fi
+fi
+if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
+then
+        echo UsePrivilegeSeparation not enabled, privsep directory not required.
+else
        # create chroot directory if required
        if [ -d $PRIVSEP_PATH ]
        then
author	Darren Tucker <dtucker@zip.com.au>	2006-09-09 20:34:15 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2006-09-09 20:34:15 +1000
commit	19a66dbf4f929c0d9aa89af5b2282470cfb5726b (patch)
tree	e43bd194656f2ea900b922a17d8f3b93560b6688
parent	08432d54faf63a2f5f9c264ac8ff6aa343ebeabc (diff)

diff --git a/ChangeLog b/ChangeLog index ead33c85b..5791ec255 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,5 +1,6 @@
1	20060909	1	20060909
2	- (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h.	2	- (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h.
		3	- (dtucker) [contrib/aix/buildbff.sh] Always create privsep user.
3		4
4	20060908	5	20060908
5	- (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch	6	- (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch
@@ -5418,4 +5419,4 @@
5418	- (djm) Trim deprecated options from INSTALL. Mention UsePAM	5419	- (djm) Trim deprecated options from INSTALL. Mention UsePAM
5419	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu	5420	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
5420		5421
5421	$Id: ChangeLog,v 1.4538 2006/09/09 05:59:43 dtucker Exp $	5422	$Id: ChangeLog,v 1.4539 2006/09/09 10:34:15 dtucker Exp $


diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index 09b9c118c..03f0d6048 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh
@@ -1,7 +1,7 @@
1	#!/bin/sh	1	#!/bin/sh
2	#	2	#
3	# buildbff.sh: Create AIX SMIT-installable OpenSSH packages	3	# buildbff.sh: Create AIX SMIT-installable OpenSSH packages
4	# $Id: buildbff.sh,v 1.8 2005/03/29 13:24:12 dtucker Exp $	4	# $Id: buildbff.sh,v 1.9 2006/09/09 10:34:15 dtucker Exp $
5	#	5	#
6	# Author: Darren Tucker (dtucker at zip dot com dot au)	6	# Author: Darren Tucker (dtucker at zip dot com dot au)
7	# This file is placed in the public domain and comes with absolutely	7	# This file is placed in the public domain and comes with absolutely
@@ -200,33 +200,29 @@ do
200	done	200	done
201	echo	201	echo
202		202
203	# Create PrivSep user if PrivSep not disabled in config	203	# Create PrivilegeSeparation user and group if not present
204	echo Creating PrivSep prereqs if required.	204	echo Checking for PrivilegeSeparation user and group.
205	if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null	205	if cut -f1 -d: /etc/group \| egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
206	then	206	then
207	echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user,"	207	echo "PrivSep group $SSH_PRIVSEP_USER already exists."
208	echo "group or chroot directory."
209	else	208	else
210	echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."	209	echo "Creating PrivSep group $SSH_PRIVSEP_USER."
211		210	mkgroup -A $SSH_PRIVSEP_USER
212	# create group if required	211	fi
213	if cut -f1 -d: /etc/group \| egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
214	then
215	echo "PrivSep group $SSH_PRIVSEP_USER already exists."
216	else
217	echo "Creating PrivSep group $SSH_PRIVSEP_USER."
218	mkgroup -A $SSH_PRIVSEP_USER
219	fi
220		212
221	# Create user if required	213	# Create user if required
222	if lsuser "$SSH_PRIVSEP_USER" >/dev/null	214	if lsuser "$SSH_PRIVSEP_USER" >/dev/null
223	then	215	then
224	echo "PrivSep user $SSH_PRIVSEP_USER already exists."	216	echo "PrivSep user $SSH_PRIVSEP_USER already exists."
225	else	217	else
226	echo "Creating PrivSep user $SSH_PRIVSEP_USER."	218	echo "Creating PrivSep user $SSH_PRIVSEP_USER."
227	mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER	219	mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
228	fi	220	fi
229		221
		222	if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
		223	then
		224	echo UsePrivilegeSeparation not enabled, privsep directory not required.
		225	else
230	# create chroot directory if required	226	# create chroot directory if required
231	if [ -d $PRIVSEP_PATH ]	227	if [ -d $PRIVSEP_PATH ]
232	then	228	then