diff options
| -rw-r--r-- | README.privsep | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/README.privsep b/README.privsep index 79ea62783..6c798f3a4 100644 --- a/README.privsep +++ b/README.privsep | |||
| @@ -8,6 +8,10 @@ More information is available at: | |||
| 8 | Privilege separation is now enabled by default; see the | 8 | Privilege separation is now enabled by default; see the |
| 9 | UsePrivilegeSeparation option in sshd_config(5). | 9 | UsePrivilegeSeparation option in sshd_config(5). |
| 10 | 10 | ||
| 11 | On systems which lack mmap or anonymous (MAP_ANON) memory mapping, | ||
| 12 | compression must be disabled in order for privilege separation to | ||
| 13 | function. | ||
| 14 | |||
| 11 | When privsep is enabled, the pre-authentication sshd process will | 15 | When privsep is enabled, the pre-authentication sshd process will |
| 12 | chroot(2) to "/var/empty" and change its privileges to the "sshd" user | 16 | chroot(2) to "/var/empty" and change its privileges to the "sshd" user |
| 13 | and its primary group. You should do something like the following to | 17 | and its primary group. You should do something like the following to |
| @@ -53,4 +57,4 @@ process 1005 is the sshd process listening for new connections. | |||
| 53 | process 6917 is the privileged monitor process, 6919 is the user owned | 57 | process 6917 is the privileged monitor process, 6919 is the user owned |
| 54 | sshd process and 6921 is the shell process. | 58 | sshd process and 6921 is the shell process. |
| 55 | 59 | ||
| 56 | $Id: README.privsep,v 1.6 2002/06/21 14:45:50 djm Exp $ | 60 | $Id: README.privsep,v 1.7 2002/06/21 14:48:02 djm Exp $ |