diff options
author | Colin Watson <cjwatson@debian.org> | 2006-07-14 16:08:37 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2006-07-14 16:08:37 +0000 |
commit | 7c8da8e1c4e0aa9f156da721c1f1ecf1e87d6112 (patch) | |
tree | 880dcc8cec205df7f5ff15e571aebdb33999596e /debian/openssh-server.postinst | |
parent | 67a501cbbafa05d22956a739c37c52484d076427 (diff) |
* Change sshd user's shell to /usr/sbin/nologin (closes: #366541).
Introduces dependency on passwd for usermod.
Diffstat (limited to 'debian/openssh-server.postinst')
-rw-r--r-- | debian/openssh-server.postinst | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst index ccacb411a..1ac6906da 100644 --- a/debian/openssh-server.postinst +++ b/debian/openssh-server.postinst | |||
@@ -289,9 +289,15 @@ fix_statoverride() { | |||
289 | fi | 289 | fi |
290 | } | 290 | } |
291 | 291 | ||
292 | fix_sshd_shell() { | ||
293 | if getent passwd sshd | grep ':/bin/false$'; then | ||
294 | usermod -s /usr/sbin/nologin sshd | ||
295 | fi | ||
296 | } | ||
297 | |||
292 | setup_sshd_user() { | 298 | setup_sshd_user() { |
293 | if ! getent passwd sshd >/dev/null; then | 299 | if ! getent passwd sshd >/dev/null; then |
294 | adduser --quiet --system --no-create-home --home /var/run/sshd sshd | 300 | adduser --quiet --system --no-create-home --home /var/run/sshd --shell /usr/sbin/nologin sshd |
295 | fi | 301 | fi |
296 | } | 302 | } |
297 | 303 | ||
@@ -318,6 +324,9 @@ create_sshdconfig | |||
318 | check_idea_key | 324 | check_idea_key |
319 | create_keys | 325 | create_keys |
320 | fix_statoverride | 326 | fix_statoverride |
327 | if dpkg --compare-versions "$2" lt 1:4.3p2-3; then | ||
328 | fix_sshd_shell | ||
329 | fi | ||
321 | setup_sshd_user | 330 | setup_sshd_user |
322 | if dpkg --compare-versions "$2" lt 1:3.6.1p2-2; then | 331 | if dpkg --compare-versions "$2" lt 1:3.6.1p2-2; then |
323 | fix_conffile_permissions | 332 | fix_conffile_permissions |