- (stevesk) [README.privsep] minor updates

author: Kevin Steves <stevesk@pobox.com> 2002-06-24 16:49:22 +0000
committer: Kevin Steves <stevesk@pobox.com> 2002-06-24 16:49:22 +0000
commit: d48663602d55d324aa4c5964b9782a876de0ff5b (patch)
tree: 8c772f7ac5db03acada74e27ee1f8ff99f936941 /README.privsep
parent: 34f0d8f4040c3fe55e3a69aa92d18482077dd202 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/README.privsep b/README.privsep
index 6c798f3a4..12b9cb2fc 100644
--- a/README.privsep
+++ b/README.privsep
@@ -12,7 +12,7 @@ On systems which lack mmap or anonymous (MAP_ANON) memory mapping,
 compression must be disabled in order for privilege separation to 
 function.
-When privsep is enabled, the pre-authentication sshd process will
+When privsep is enabled, during the pre-authentication phase sshd will
 chroot(2) to "/var/empty" and change its privileges to the "sshd" user
 and its primary group.  You should do something like the following to
 prepare the privsep preauth environment:
@@ -21,7 +21,7 @@ prepare the privsep preauth environment:
        # chown root:sys /var/empty
        # chmod 755 /var/empty
        # groupadd sshd
-        # useradd -g sshd sshd
+        # useradd -g sshd -c 'sshd privsep' -d /var/empty sshd
 If you are on UnixWare 7 or OpenUNIX 8 do this additional step.
        # ln /usr/lib/.ns.so /usr/lib/ns.so.1
@@ -57,4 +57,4 @@ process 1005 is the sshd process listening for new connections.
 process 6917 is the privileged monitor process, 6919 is the user owned
 sshd process and 6921 is the shell process.
-$Id: README.privsep,v 1.7 2002/06/21 14:48:02 djm Exp $
+$Id: README.privsep,v 1.8 2002/06/24 16:49:22 stevesk Exp $
author	Kevin Steves <stevesk@pobox.com>	2002-06-24 16:49:22 +0000
committer	Kevin Steves <stevesk@pobox.com>	2002-06-24 16:49:22 +0000
commit	d48663602d55d324aa4c5964b9782a876de0ff5b (patch)
tree	8c772f7ac5db03acada74e27ee1f8ff99f936941 /README.privsep
parent	34f0d8f4040c3fe55e3a69aa92d18482077dd202 (diff)

diff --git a/README.privsep b/README.privsep index 6c798f3a4..12b9cb2fc 100644 --- a/README.privsep +++ b/README.privsep
@@ -12,7 +12,7 @@ On systems which lack mmap or anonymous (MAP_ANON) memory mapping,
12	compression must be disabled in order for privilege separation to	12	compression must be disabled in order for privilege separation to
13	function.	13	function.
14		14
15	When privsep is enabled, the pre-authentication sshd process will	15	When privsep is enabled, during the pre-authentication phase sshd will
16	chroot(2) to "/var/empty" and change its privileges to the "sshd" user	16	chroot(2) to "/var/empty" and change its privileges to the "sshd" user
17	and its primary group. You should do something like the following to	17	and its primary group. You should do something like the following to
18	prepare the privsep preauth environment:	18	prepare the privsep preauth environment:
@@ -21,7 +21,7 @@ prepare the privsep preauth environment:
21	# chown root:sys /var/empty	21	# chown root:sys /var/empty
22	# chmod 755 /var/empty	22	# chmod 755 /var/empty
23	# groupadd sshd	23	# groupadd sshd
24	# useradd -g sshd sshd	24	# useradd -g sshd -c 'sshd privsep' -d /var/empty sshd
25		25
26	If you are on UnixWare 7 or OpenUNIX 8 do this additional step.	26	If you are on UnixWare 7 or OpenUNIX 8 do this additional step.
27	# ln /usr/lib/.ns.so /usr/lib/ns.so.1	27	# ln /usr/lib/.ns.so /usr/lib/ns.so.1
@@ -57,4 +57,4 @@ process 1005 is the sshd process listening for new connections.
57	process 6917 is the privileged monitor process, 6919 is the user owned	57	process 6917 is the privileged monitor process, 6919 is the user owned
58	sshd process and 6921 is the shell process.	58	sshd process and 6921 is the shell process.
59		59
60	$Id: README.privsep,v 1.7 2002/06/21 14:48:02 djm Exp $	60	$Id: README.privsep,v 1.8 2002/06/24 16:49:22 stevesk Exp $