diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2006-09-09 20:34:15 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2006-09-09 20:34:15 +1000 |
| commit | 19a66dbf4f929c0d9aa89af5b2282470cfb5726b (patch) | |
| tree | e43bd194656f2ea900b922a17d8f3b93560b6688 /contrib/aix | |
| parent | 08432d54faf63a2f5f9c264ac8ff6aa343ebeabc (diff) | |
- (dtucker) [contrib/aix/buildbff.sh] Always create privsep user.
Diffstat (limited to 'contrib/aix')
| -rwxr-xr-x | contrib/aix/buildbff.sh | 44 |
1 files changed, 20 insertions, 24 deletions
diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index 09b9c118c..03f0d6048 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | # | 2 | # |
| 3 | # buildbff.sh: Create AIX SMIT-installable OpenSSH packages | 3 | # buildbff.sh: Create AIX SMIT-installable OpenSSH packages |
| 4 | # $Id: buildbff.sh,v 1.8 2005/03/29 13:24:12 dtucker Exp $ | 4 | # $Id: buildbff.sh,v 1.9 2006/09/09 10:34:15 dtucker Exp $ |
| 5 | # | 5 | # |
| 6 | # Author: Darren Tucker (dtucker at zip dot com dot au) | 6 | # Author: Darren Tucker (dtucker at zip dot com dot au) |
| 7 | # This file is placed in the public domain and comes with absolutely | 7 | # This file is placed in the public domain and comes with absolutely |
| @@ -200,33 +200,29 @@ do | |||
| 200 | done | 200 | done |
| 201 | echo | 201 | echo |
| 202 | 202 | ||
| 203 | # Create PrivSep user if PrivSep not disabled in config | 203 | # Create PrivilegeSeparation user and group if not present |
| 204 | echo Creating PrivSep prereqs if required. | 204 | echo Checking for PrivilegeSeparation user and group. |
| 205 | if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null | 205 | if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null |
| 206 | then | 206 | then |
| 207 | echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user," | 207 | echo "PrivSep group $SSH_PRIVSEP_USER already exists." |
| 208 | echo "group or chroot directory." | ||
| 209 | else | 208 | else |
| 210 | echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." | 209 | echo "Creating PrivSep group $SSH_PRIVSEP_USER." |
| 211 | 210 | mkgroup -A $SSH_PRIVSEP_USER | |
| 212 | # create group if required | 211 | fi |
| 213 | if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null | ||
| 214 | then | ||
| 215 | echo "PrivSep group $SSH_PRIVSEP_USER already exists." | ||
| 216 | else | ||
| 217 | echo "Creating PrivSep group $SSH_PRIVSEP_USER." | ||
| 218 | mkgroup -A $SSH_PRIVSEP_USER | ||
| 219 | fi | ||
| 220 | 212 | ||
| 221 | # Create user if required | 213 | # Create user if required |
| 222 | if lsuser "$SSH_PRIVSEP_USER" >/dev/null | 214 | if lsuser "$SSH_PRIVSEP_USER" >/dev/null |
| 223 | then | 215 | then |
| 224 | echo "PrivSep user $SSH_PRIVSEP_USER already exists." | 216 | echo "PrivSep user $SSH_PRIVSEP_USER already exists." |
| 225 | else | 217 | else |
| 226 | echo "Creating PrivSep user $SSH_PRIVSEP_USER." | 218 | echo "Creating PrivSep user $SSH_PRIVSEP_USER." |
| 227 | mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER | 219 | mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER |
| 228 | fi | 220 | fi |
| 229 | 221 | ||
| 222 | if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null | ||
| 223 | then | ||
| 224 | echo UsePrivilegeSeparation not enabled, privsep directory not required. | ||
| 225 | else | ||
| 230 | # create chroot directory if required | 226 | # create chroot directory if required |
| 231 | if [ -d $PRIVSEP_PATH ] | 227 | if [ -d $PRIVSEP_PATH ] |
| 232 | then | 228 | then |