I asked: > As a result of yesterday's CERT announcement, I have downloaded, > compiled, and installed OpenSsh version 3.4p1 on my Ultra 10 (running > Solaris 8) testbed. However, to get it running I had to add two things > which make a lot of sense, but I have not seen any documentation on what > permissions are needed. > > Initally, the new sshd did not start up because I hadn't created the > sshd Privelege Separation user. So I did. However, I have not been > able to find any indication of how that account is to be configured. I > created it with * for a password and /bin/false for a shell, but is > there anything else that needs to be done? > > Next, the new sshd did not start up because I had not created the > /var/empty chroot jail directory. So I did. However, I was again > unable to find any documentation on the ownership, permissions, etc on > this directory. I just created it owned by root, mode 0755. OpenSsh > 3.4p1 now appears to work. > > So my question is: what permissions are needed for the sshd account, > and what ownership, permissions, etc are needed for the /var/empty > directory? The answer: Although there is no reference to it in the README file, there is a new README file with version 3.4. README.privsep has the info I needed. Now if only that file was referenced in the INSTALL or main README file. oh well. Thanks To: Davorin Bengez <dbengez@interactive1.hr> <john65@pobox.com> Vincent <vb@tiguidoo.com> Peter Evans <peter@ixp.jp> Michael Hocke <mh103@nyu.edu> Tim Evans <tkevans@tkevans.com> Ramji Venkateswaran <rv@uiop.org> David Foster <foster@dim.ucsd.edu> "Pardy, Brian" <BPardy@CuraGen.com> "Thomas W. Holt Jr." <twh@cohesive.net> Ben Lindstrom <mouring@etoh.eviladmin.org> "Olson, John C" <John.Olson@nationalcity.com> +-----------------------------------------------------------------------+ | Christopher L. Barnard O When I was a boy I was told that | | cbarnard@tsg.cbot.com / \ anybody could become president. | | (312) 347-4901 O---O Now I'm beginning to believe it. | | http://www.cs.uchicago.edu/~cbarnard --Clarence Darrow | +----------PGP public key available via finger or PGP keyserver---------+ _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Thu Jun 27 14:18:04 2002
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:47 EST