openssh privsep problem

hey all,

I am trying to install and run sshd as a non-root user. Hence, I
configure and compile with '--with-privsep-path' and
'--with-privsep-user' set to something other than root.

However, when I try to run what I install, I get:

/etc/opt/sshd/privsep_path/test must be owned by root and not group or

What the hell? Looking at the privsep directory, I see it is owned as
the correct, non-root user, and that it has the correct permissions.

Why is it complaining that it needs root permissions for this
directory? Is this a bug?


Re: openssh privsep problem

You'll need to set "UsePrivilegeSeparation no" in sshd_config.  PrivSep
requires that the daemon is running as root (the chroot() and the uid
swapping require it).

Because it's checking that the permissions are correct, and they're not.

No.  Maybe sshd could fail with an error if it's not running as root
and PrivSep is on, but that might prevent someone using an unusual
but otherwise valid setup (eg running as a non-root user with systrace
privilege elevation for the critical calls).

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
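
One way to inspect a privsep directory against the condition in the error message above, as an added example that is not part of the original thread and is not OpenSSH's own code. The function name `check_privsep_dir` and its return codes are hypothetical, and the group/world write-bit test is an assumption about how the truncated message ends.

```shell
#!/bin/sh
# Added example (not from the thread, not OpenSSH code).
# check_privsep_dir DIR [OWNER_UID]
#   OWNER_UID defaults to 0 (root), the owner the error message demands.
# Return codes (hypothetical, chosen for this example):
#   0 = ok, 1 = missing or not a directory,
#   2 = wrong owner, 3 = group- or world-writable (assumed condition).
check_privsep_dir() {
    dir=$1
    want_uid=${2:-0}

    if [ ! -d "$dir" ]; then
        echo "$dir: missing or not a directory" >&2
        return 1
    fi

    # -H follows a symlink given on the command line, -prune keeps find
    # on the directory itself instead of descending into it.
    if [ -z "$(find -H "$dir" -prune -user "$want_uid" -print)" ]; then
        echo "$dir: not owned by uid $want_uid" >&2
        return 2
    fi

    # -perm -020 matches the group write bit, -perm -002 the world write bit.
    if [ -n "$(find -H "$dir" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "$dir: group- or world-writable" >&2
        return 3
    fi

    echo "$dir: ok (owner uid $want_uid, no group/world write bit)"
    return 0
}

# Usage: sh check_privsep.sh /etc/opt/sshd/privsep_path/test
if [ "$#" -gt 0 ]; then
    check_privsep_dir "$@"
fi
```

Run against the directory from the question, a result of 2 means the owner is the non-root account rather than uid 0.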
