Message-ID: <20111109111015.GD22827@gremlin.ru>
Date: Wed, 9 Nov 2011 15:10:15 +0400
From: gremlin@...mlin.ru
To: owl-dev@...ts.openwall.com
Subject: Re: /etc/skel/.ssh/authorized_keys
On 09-Nov-2011 14:56:44 +0400, Solar Designer wrote:
> > diff -ruN openssh.orig/openssh.spec openssh/openssh.spec
> > --- openssh.orig/openssh.spec 2011-04-12 12:52:35 +0400
> > +++ openssh/openssh.spec 2011-11-09 12:02:28 +0400
> > @@ -210,6 +210,10 @@
> > # create ghosts
> > touch %buildroot/etc/ssh/ssh_host_{,rsa_,dsa_}key{,.pub}
> >
> > +%post clients
> > +mkdir -p -m 700 /etc/skel/.ssh
> > +touch /etc/skel/.ssh/authorized_keys
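Review bot: the `touch /etc/skel/.ssh/authorized_keys` line creates the file with whatever umask the scriptlet happens to run under, and `mkdir -p -m 700` does not change the mode when /etc/skel/.ssh already exists, so neither added line guarantees the resulting permissions. If the modes matter, set them explicitly, and only on the path the scriptlet itself creates (test for existence first), so that a preset authorized_keys and its existing mode are left alone. A comment above `%post clients` stating why this is done in a scriptlet rather than in %install and %files would also help the next reader of the spec.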
> What for? To provide safe permissions by default, even if one
> adjusts the umask to be other than our default of 077?
Not necessarily. I normally do that for reasons of usability, as
I encourage users to authorize with keys, and they misspell the
file name too often.
> Why in %post rather than in %install and %files?
To avoid conflicts. The ${subj} may contain preset keys on some
systems (trivial example: VPS with virtual HTTP sites operated
by one person) - and it hardly is the "%config(noreplace)" file.
--
Alexey V. Vissarionov aka Gremlin from Kremlin
<gremlin ПРИ gremlin ТЧК ru>
GPG key ID: 0xBA52B364, keyserver: hkp://subkeys.pgp.net
GPG key fingerprint: 920D 3BCE 930A CF01 A591 541C 6C6D 286E BA52 B364