Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 9 Nov 2011 14:56:44 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: /etc/skel/.ssh/authorized_keys

On Wed, Nov 09, 2011 at 12:06:00PM +0400, gremlin@...mlin.ru wrote:
> diff -ruN openssh.orig/openssh.spec openssh/openssh.spec
> --- openssh.orig/openssh.spec   2011-04-12 12:52:35 +0400
> +++ openssh/openssh.spec        2011-11-09 12:02:28 +0400
> @@ -210,6 +210,10 @@
>  # create ghosts
>  touch %buildroot/etc/ssh/ssh_host_{,rsa_,dsa_}key{,.pub}
>  
> +%post clients
> +mkdir -p -m 700 /etc/skel/.ssh
> +touch /etc/skel/.ssh/authorized_keys

What for?  To provide safe permissions by default, even if one adjusts
the umask to be other than our default of 077?

Why in %post rather than in %install and %files?

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ