Do you have a question? Post it now! No Registration Necessary. Now with pictures!
May 20, 2004, 10:00 pm
rate this thread
I am trying to install and run sshd as a non-root user. Hence, I
configure and compile with '--with-privsep-path' and
'--with-privsep-user' set to something other than root.
However, when I try to run what I install, I get:
/etc/opt/sshd/privsep_path/test must be owned by root and not group or
what the hell? Looking at the privsep directory, I see it is owned as
the correct, non-root user, and that it has the correct permissions.
Why is it complaining that it needs root permissions for this
directory? Is this a bug?
Re: openssh privsep problem
You'll need to set "UsePrivilegeSeparation no" in sshd_config. PrivSep
requires that the daemon is running as root (the chroot() and the uid
swapping require it).
Because it's checking that the permssions are correct, and they're not.
No. Maybe sshd could fail with an error if it's not running as root
and PrivSep is on, but that might prevent someone using an unusual
but otherwise valid setup (eg running as a non-root user with systrace
privilege elevation for the critical calls).
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
- » protocol question - issue with exit-status inside unfinished data stream?
- — Newest thread in » Secure Shell Forum