Re: openssh privsep problem
From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 05/21/04
- Next message: Darren Tucker: "Re: SSH key problem"
- Previous message: jonathan: "openssh privsep problem"
- In reply to: jonathan: "openssh privsep problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 21 May 2004 01:45:57 +0000 (UTC)
In article <f05e664d.0405201400.5c15d1d4@posting.google.com>,
jonathan <ttyp32000@yahoo.com> wrote:
>I am trying to install and run sshd as a non-root user. Hence, I
>configure and compile with '--with-privsep-path' and
>'--with-privsep-user' set to something other than root.
>
>However, when I try to run what I install, I get:
>
>/etc/opt/sshd/privsep_path/test must be owned by root and not group or
>world-writable
You'll need to set "UsePrivilegeSeparation no" in sshd_config. PrivSep
requires that the daemon is running as root (the chroot() and the uid
swapping require it).
>Why is it complaining that it needs root permissions for this
>directory?
Because it's checking that the permssions are correct, and they're not.
>Is this a bug?
No. Maybe sshd could fail with an error if it's not running as root
and PrivSep is on, but that might prevent someone using an unusual
but otherwise valid setup (eg running as a non-root user with systrace
privilege elevation for the critical calls).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
- Next message: Darren Tucker: "Re: SSH key problem"
- Previous message: jonathan: "openssh privsep problem"
- In reply to: jonathan: "openssh privsep problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
