Message-ID: <20111110191423.GE23582@openwall.com>
Date: Thu, 10 Nov 2011 23:14:23 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: /etc/skel/.ssh/authorized_keys

On Wed, Nov 09, 2011 at 03:10:15PM +0400, gremlin@...mlin.ru wrote:
> On 09-Nov-2011 14:56:44 +0400, Solar Designer wrote:
> > > +%post clients
> > > +mkdir -p -m 700 /etc/skel/.ssh
> > > +touch /etc/skel/.ssh/authorized_keys
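
Review bot: the `touch` on the last line sets no mode, so authorized_keys ends up with whatever the scriptlet's umask yields, and `mkdir -p -m 700` leaves the mode of an already existing /etc/skel/.ssh unchanged; if safe permissions are the goal, follow both with an explicit chmod (700 on the directory, 600 on the file). Creating the directory and file in %post also keeps them out of %files, so the package does not own them and rpm will neither verify them nor remove them on uninstall.
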
> > What for? To provide safe permissions by default, even if one
> > adjusts the umask to be other than our default of 077?
>
> Not necessarily. I normally do that for reasons of usability, as
> I encourage users to authorize with keys, and they misspell the
> file name too often.

Oh. Understood. But I don't feel this is a good enough reason to make
the change in Owl. It would be unclear where to stop with providing
empty skel files for those potentially misspelled filenames.

> > Why in %post rather than in %install and %files?
>
> To avoid conflicts. The ${subj} may contain preset keys on some
> systems (trivial example: VPS with virtual HTTP sites operated
> by one person) - and it hardly is the "%config(noreplace)" file.

There would be no problem listing this file as %config(noreplace), but
see above - I am not convinced that we want to get this in.

Alexander