[openssh] always use /sbin/nologin as privsep user's shell
plautrba
plautrba at fedoraproject.org
Wed Apr 24 16:25:34 UTC 2013
commit d48f1a7bdee65fc39a23cd134aa2678082529893
Author: Petr Lautrbach <plautrba at redhat.com>
Date: Wed Apr 24 18:08:00 2013 +0200
always use /sbin/nologin as privsep user's shell
openssh.spec | 13 +------------
1 files changed, 1 insertions(+), 12 deletions(-)
---
diff --git a/openssh.spec b/openssh.spec
index 154a8b1..7e3cbd2 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -30,9 +30,6 @@
# Do we want LDAP support
%define ldap 1
-# Whether or not /sbin/nologin exists.
-%define nologin 1
-
# Whether to build pam_ssh_agent_auth
%if 0%{?!nopam:1}
%define pam_ssh_agent 1
@@ -191,9 +188,7 @@ Patch907: openssh-6.2p1-aarch64.patch
License: BSD
Group: Applications/Internet
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-%if %{nologin}
Requires: /sbin/nologin
-%endif
%if ! %{no_gnome_askpass}
%if %{gtk2}
@@ -604,15 +599,9 @@ getent group ssh_keys >/dev/null || groupadd -r ssh_keys || :
%pre server
getent group sshd >/dev/null || groupadd -g %{sshd_uid} -r sshd || :
-%if %{nologin}
getent passwd sshd >/dev/null || \
- useradd -c "Privilege-separated SSH" -u %{sshd_uid} -g sshd -s /sbin/nologin \
+ useradd -c "Privilege-separated SSH" -u %{sshd_uid} -g sshd \
-s /sbin/nologin -r -d /var/empty/sshd sshd 2> /dev/null || :
-%else
-getent passwd sshd >/dev/null || \
- useradd -c "Privilege-separated SSH" -u %{sshd_uid} -g sshd -s /sbin/nologin \
- -s /dev/null -r -d /var/empty/sshd sshd 2> /dev/null || :
-%endif
%post server
%systemd_post sshd.service
More information about the scm-commits
mailing list