- jmc@cvs.openbsd.org 2006/02/19 19:52:10

[sshd.8] move the sshrc stuff out of FILES, and into its own section: FILES is not a good place to document how stuff works;
author: Damien Miller <djm@mindrot.org> 2006-03-15 11:35:54 +1100
committer: Damien Miller <djm@mindrot.org> 2006-03-15 11:35:54 +1100
commit: fd725cf585d0f9aca648f177df35265b6abc10e6 (patch)
tree: e5834aeae76a9f7206e1809ae9e5dcf7d154cc44 /sshd.8
parent: adc35b9583944203906ef1fd8b078316213e35d5 (diff)
1 files changed, 51 insertions, 44 deletions
diff --git a/sshd.8 b/sshd.8
index 6d79f175c..6df9d8aab 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.225 2006/02/16 09:05:34 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.226 2006/02/19 19:52:10 jmc Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -370,9 +370,54 @@ The
 .Dq rc
 files are given the X11
 authentication protocol and cookie in standard input.
+See
+.Sx SSHRC ,
+below.
 .It
 Runs user's shell or command.
 .El
+.Sh SSHRC
+If the file
+.Pa ~/.ssh/rc
+exists,
+.Xr sh 1
+runs it after reading the
+environment files but before starting the user's shell or command.
+It must not produce any output on stdout; stderr must be used
+instead.
+If X11 forwarding is in use, it will receive the "proto cookie" pair in
+its standard input (and
+.Ev DISPLAY
+in its environment).
+The script must call
+.Xr xauth 1
+because
+.Nm
+will not run xauth automatically to add X11 cookies.
+.Pp
+The primary purpose of this file is to run any initialization routines
+which may be needed before the user's home directory becomes
+accessible; AFS is a particular example of such an environment.
+.Pp
+This file will probably contain some initialization code followed by
+something similar to:
+.Bd -literal -offset 3n
+if read proto cookie && [ -n "$DISPLAY" ]; then
+        if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
+                # X11UseLocalhost=yes
+                echo add unix:`echo $DISPLAY |
+                    cut -c11-` $proto $cookie
+        else
+                # X11UseLocalhost=no
+                echo add $DISPLAY $proto $cookie
+        fi | xauth -q -
+fi
+.Ed
+.Pp
+If this file does not exist,
+.Pa /etc/ssh/sshrc
+is run, and if that
+does not exist either, xauth is used to add the cookie.
 .Sh AUTHORIZED_KEYS FILE FORMAT
 .Cm AuthorizedKeysFile
 specifies the file containing public keys for
@@ -651,46 +696,8 @@ This file should be writable only by root/the owner and
 can, but need not be, world-readable.
 .Pp
 .It ~/.ssh/rc
-If this file exists, it is run with
+Contains initialization routines to be run before
-.Pa /bin/sh
+the user's home directory becomes accessible.
-after reading the
-environment files but before starting the user's shell or command.
-It must not produce any output on stdout; stderr must be used
-instead.
-If X11 forwarding is in use, it will receive the "proto cookie" pair in
-its standard input (and
-.Ev DISPLAY
-in its environment).
-The script must call
-.Xr xauth 1
-because
-.Nm
-will not run xauth automatically to add X11 cookies.
-.Pp
-The primary purpose of this file is to run any initialization routines
-which may be needed before the user's home directory becomes
-accessible; AFS is a particular example of such an environment.
-.Pp
-This file will probably contain some initialization code followed by
-something similar to:
-.Bd -literal
-if read proto cookie && [ -n "$DISPLAY" ]; then
-        if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
-                # X11UseLocalhost=yes
-                echo add unix:`echo $DISPLAY |
-                    cut -c11-` $proto $cookie
-        else
-                # X11UseLocalhost=no
-                echo add $DISPLAY $proto $cookie
-        fi | xauth -q -
-fi
-.Ed
-.Pp
-If this file does not exist,
-.Pa /etc/ssh/sshrc
-is run, and if that
-does not exist either, xauth is used to add the cookie.
-.Pp
 This file should be writable only by the user, and need not be
 readable by anyone else.
 .Pp
@@ -802,9 +809,9 @@ The file format and configuration options are described in
 .Xr sshd_config 5 .
 .Pp
 .It /etc/ssh/sshrc
-Like
+Similar to
-.Pa ~/.ssh/rc .
+.Pa ~/.ssh/rc ,
-This can be used to specify
+it can be used to specify
 machine-specific login-time initializations globally.
 This file should be writable only by root, and should be world-readable.
 .Pp
author	Damien Miller <djm@mindrot.org>	2006-03-15 11:35:54 +1100
committer	Damien Miller <djm@mindrot.org>	2006-03-15 11:35:54 +1100
commit	fd725cf585d0f9aca648f177df35265b6abc10e6 (patch)
tree	e5834aeae76a9f7206e1809ae9e5dcf7d154cc44 /sshd.8
parent	adc35b9583944203906ef1fd8b078316213e35d5 (diff)

diff --git a/sshd.8 b/sshd.8 index 6d79f175c..6df9d8aab 100644 --- a/sshd.8 +++ b/sshd.8
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd.8,v 1.225 2006/02/16 09:05:34 jmc Exp $	37	.\" $OpenBSD: sshd.8,v 1.226 2006/02/19 19:52:10 jmc Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSHD 8	39	.Dt SSHD 8
40	.Os	40	.Os
@@ -370,9 +370,54 @@ The
370	.Dq rc	370	.Dq rc
371	files are given the X11	371	files are given the X11
372	authentication protocol and cookie in standard input.	372	authentication protocol and cookie in standard input.
		373	See
		374	.Sx SSHRC ,
		375	below.
373	.It	376	.It
374	Runs user's shell or command.	377	Runs user's shell or command.
375	.El	378	.El
		379	.Sh SSHRC
		380	If the file
		381	.Pa ~/.ssh/rc
		382	exists,
		383	.Xr sh 1
		384	runs it after reading the
		385	environment files but before starting the user's shell or command.
		386	It must not produce any output on stdout; stderr must be used
		387	instead.
		388	If X11 forwarding is in use, it will receive the "proto cookie" pair in
		389	its standard input (and
		390	.Ev DISPLAY
		391	in its environment).
		392	The script must call
		393	.Xr xauth 1
		394	because
		395	.Nm
		396	will not run xauth automatically to add X11 cookies.
		397	.Pp
		398	The primary purpose of this file is to run any initialization routines
		399	which may be needed before the user's home directory becomes
		400	accessible; AFS is a particular example of such an environment.
		401	.Pp
		402	This file will probably contain some initialization code followed by
		403	something similar to:
		404	.Bd -literal -offset 3n
		405	if read proto cookie && [ -n "$DISPLAY" ]; then
		406	if [ `echo $DISPLAY \| cut -c1-10` = 'localhost:' ]; then
		407	# X11UseLocalhost=yes
		408	echo add unix:`echo $DISPLAY \|
		409	cut -c11-` $proto $cookie
		410	else
		411	# X11UseLocalhost=no
		412	echo add $DISPLAY $proto $cookie
		413	fi \| xauth -q -
		414	fi
		415	.Ed
		416	.Pp
		417	If this file does not exist,
		418	.Pa /etc/ssh/sshrc
		419	is run, and if that
		420	does not exist either, xauth is used to add the cookie.
376	.Sh AUTHORIZED_KEYS FILE FORMAT	421	.Sh AUTHORIZED_KEYS FILE FORMAT
377	.Cm AuthorizedKeysFile	422	.Cm AuthorizedKeysFile
378	specifies the file containing public keys for	423	specifies the file containing public keys for
@@ -651,46 +696,8 @@ This file should be writable only by root/the owner and
651	can, but need not be, world-readable.	696	can, but need not be, world-readable.
652	.Pp	697	.Pp
653	.It ~/.ssh/rc	698	.It ~/.ssh/rc
654	If this file exists, it is run with	699	Contains initialization routines to be run before
655	.Pa /bin/sh	700	the user's home directory becomes accessible.
656	after reading the
657	environment files but before starting the user's shell or command.
658	It must not produce any output on stdout; stderr must be used
659	instead.
660	If X11 forwarding is in use, it will receive the "proto cookie" pair in
661	its standard input (and
662	.Ev DISPLAY
663	in its environment).
664	The script must call
665	.Xr xauth 1
666	because
667	.Nm
668	will not run xauth automatically to add X11 cookies.
669	.Pp
670	The primary purpose of this file is to run any initialization routines
671	which may be needed before the user's home directory becomes
672	accessible; AFS is a particular example of such an environment.
673	.Pp
674	This file will probably contain some initialization code followed by
675	something similar to:
676	.Bd -literal
677	if read proto cookie && [ -n "$DISPLAY" ]; then
678	if [ `echo $DISPLAY \| cut -c1-10` = 'localhost:' ]; then
679	# X11UseLocalhost=yes
680	echo add unix:`echo $DISPLAY \|
681	cut -c11-` $proto $cookie
682	else
683	# X11UseLocalhost=no
684	echo add $DISPLAY $proto $cookie
685	fi \| xauth -q -
686	fi
687	.Ed
688	.Pp
689	If this file does not exist,
690	.Pa /etc/ssh/sshrc
691	is run, and if that
692	does not exist either, xauth is used to add the cookie.
693	.Pp
694	This file should be writable only by the user, and need not be	701	This file should be writable only by the user, and need not be
695	readable by anyone else.	702	readable by anyone else.
696	.Pp	703	.Pp
@@ -802,9 +809,9 @@ The file format and configuration options are described in
802	.Xr sshd_config 5 .	809	.Xr sshd_config 5 .
803	.Pp	810	.Pp
804	.It /etc/ssh/sshrc	811	.It /etc/ssh/sshrc
805	Like	812	Similar to
806	.Pa ~/.ssh/rc .	813	.Pa ~/.ssh/rc ,
807	This can be used to specify	814	it can be used to specify
808	machine-specific login-time initializations globally.	815	machine-specific login-time initializations globally.
809	This file should be writable only by root, and should be world-readable.	816	This file should be writable only by root, and should be world-readable.
810	.Pp	817	.Pp