forked from rpms/openssh
always use /sbin/nologin as privsep user's shell
This commit is contained in:
parent
a92d7445da
commit
d48f1a7bde
13
openssh.spec
13
openssh.spec
@ -30,9 +30,6 @@
|
|||||||
# Do we want LDAP support
|
# Do we want LDAP support
|
||||||
%define ldap 1
|
%define ldap 1
|
||||||
|
|
||||||
# Whether or not /sbin/nologin exists.
|
|
||||||
%define nologin 1
|
|
||||||
|
|
||||||
# Whether to build pam_ssh_agent_auth
|
# Whether to build pam_ssh_agent_auth
|
||||||
%if 0%{?!nopam:1}
|
%if 0%{?!nopam:1}
|
||||||
%define pam_ssh_agent 1
|
%define pam_ssh_agent 1
|
||||||
@ -191,9 +188,7 @@ Patch907: openssh-6.2p1-aarch64.patch
|
|||||||
License: BSD
|
License: BSD
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
%if %{nologin}
|
|
||||||
Requires: /sbin/nologin
|
Requires: /sbin/nologin
|
||||||
%endif
|
|
||||||
|
|
||||||
%if ! %{no_gnome_askpass}
|
%if ! %{no_gnome_askpass}
|
||||||
%if %{gtk2}
|
%if %{gtk2}
|
||||||
@ -604,15 +599,9 @@ getent group ssh_keys >/dev/null || groupadd -r ssh_keys || :
|
|||||||
|
|
||||||
%pre server
|
%pre server
|
||||||
getent group sshd >/dev/null || groupadd -g %{sshd_uid} -r sshd || :
|
getent group sshd >/dev/null || groupadd -g %{sshd_uid} -r sshd || :
|
||||||
%if %{nologin}
|
|
||||||
getent passwd sshd >/dev/null || \
|
getent passwd sshd >/dev/null || \
|
||||||
useradd -c "Privilege-separated SSH" -u %{sshd_uid} -g sshd -s /sbin/nologin \
|
useradd -c "Privilege-separated SSH" -u %{sshd_uid} -g sshd \
|
||||||
-s /sbin/nologin -r -d /var/empty/sshd sshd 2> /dev/null || :
|
-s /sbin/nologin -r -d /var/empty/sshd sshd 2> /dev/null || :
|
||||||
%else
|
|
||||||
getent passwd sshd >/dev/null || \
|
|
||||||
useradd -c "Privilege-separated SSH" -u %{sshd_uid} -g sshd -s /sbin/nologin \
|
|
||||||
-s /dev/null -r -d /var/empty/sshd sshd 2> /dev/null || :
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%post server
|
%post server
|
||||||
%systemd_post sshd.service
|
%systemd_post sshd.service
|
||||||
|
Loading…
Reference in New Issue
Block a user