-rw-r--r-- | mk/bsd.pkg.defaults.mk | 28 | ||||
-rw-r--r-- | security/openssh/MESSAGE | 16 | ||||
-rw-r--r-- | security/openssh/Makefile | 12 |
3 files changed, 40 insertions, 16 deletions
diff --git a/mk/bsd.pkg.defaults.mk b/mk/bsd.pkg.defaults.mk index 1f131d4ff77..cf30e70e334 100644 --- a/mk/bsd.pkg.defaults.mk +++ b/mk/bsd.pkg.defaults.mk @@ -1,4 +1,4 @@ -# $NetBSD: bsd.pkg.defaults.mk,v 1.83 2002/08/26 06:42:10 grant Exp $ +# $NetBSD: bsd.pkg.defaults.mk,v 1.84 2002/08/31 10:08:59 grant Exp $ # # A file providing defaults for pkgsrc and the packages collection. @@ -1057,6 +1057,32 @@ NMH_PAGER?= more # Possible: not defined, YES # Default: not defined +OPENSSH_CHROOT?= /var/chroot/sshd +# The chroot directory for OpenSSH with privilege separation. This directory +# will be created and MUST be only readable by root. +# Possible: any directory +# Default: /var/chroot/sshd + +OPENSSH_USER?= sshd +# The unprivileged user for OpenSSH with privilege separation. +# Possible: any user name +# Default: sshd + +OPENSSH_UID?= 16 +# The unprivileged UID for OpenSSH with privilege separation. +# Possible: any uid +# Default: 16 + +OPENSSH_GROUP?= sshd +# The group of the OPENSSH_USER for OpenSSH with privilege separation. +# Possible: any group name +# Default: sshd + +OPENSSH_GID?= 16 +# The GID of the OPENSSH_USER for OpenSSH with privilege separation. +# Possible: any gid +# Default: sshd + PALMOS_DEFAULT_SDK?= 3.5 # Version of PalmOS SDK to use as default. # Possible: 1, 2, 3.1, 3.5 diff --git a/security/openssh/MESSAGE b/security/openssh/MESSAGE index e96c0208959..339e26dbc66 100644 --- a/security/openssh/MESSAGE +++ b/security/openssh/MESSAGE 
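Review bot: The comment block under `OPENSSH_GID?= 16` ends with `# Default: sshd`, which contradicts the assigned value; it should read `# Default: 16`. In the `OPENSSH_CHROOT` block, "MUST be only readable by root" is ambiguous: sshd's privilege-separation directory is normally required to be root-owned, empty and not writable by group or others. If that is what is meant, `# will be created and MUST be owned by root and not writable by anyone else.` states it more precisely. "Possible: any uid" and "any user name" would also benefit from saying that the account has to be a dedicated, non-root one.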
@@ -1,24 +1,16 @@ =========================================================================== -$NetBSD: MESSAGE,v 1.9 2002/06/29 01:34:59 grant Exp $ +$NetBSD: MESSAGE,v 1.10 2002/08/31 10:09:00 grant Exp $ *===* NOTICE *===* -The config files for ${PKGNAME} must be located in: - - ${PKG_SYSCONFDIR} - -and the example files are located in ${EGDIR}. If you have existing config files for OpenSSH located at /etc/ssh.conf and /etc/sshd.conf, then you will have to copy them: /etc/ssh.conf --> ${PKG_SYSCONFDIR}/ssh_config /etc/sshd.conf --> ${PKG_SYSCONFDIR}/sshd_config -You need to create UID sshd, and GID sshd, for privilege separation. For -security reasons, UsePrivilegeSeparation has to be yes (the default value). -For example, add the following into /etc/passwd and /etc/group: - - sshd:*:16:16::0:0:sshd privsep:/var/chroot/sshd:/sbin/nologin - sshd:*:16: +The `${OPENSSH_USER}' user and `${OPENSSH_GROUP}' group used for privilege separation +have been created if they did not already exist. For security reasons, +UsePrivilegeSeparation has to be yes (the default value). =========================================================================== diff --git a/security/openssh/Makefile b/security/openssh/Makefile index 5ac6b1d300a..d60c09e6bfa 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.88 2002/08/28 04:55:18 jlam Exp $ +# $NetBSD: Makefile,v 1.89 2002/08/31 10:09:00 grant Exp $ DISTNAME= openssh-3.4p1 PKGNAME= openssh-3.4.0.1 @@ -34,6 +34,9 @@ INSTALL_TARGET= install-nokeys PLIST_SRC= # empty MESSAGE_SRC= ${.CURDIR}/MESSAGE +PKG_USERS= ${OPENSSH_USER}:${OPENSSH_GROUP}:${OPENSSH_UID}:sshd\\ privsep:${OPENSSH_CHROOT}:${NOLOGIN} +PKG_GROUPS= ${OPENSSH_GROUP}:${OPENSSH_GID} + SSH_PID_DIR= /var/run # default directory for PID files PKG_SYSCONFSUBDIR= ssh 
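Review bot: The new `PKG_USERS` line in security/openssh/Makefile packs six colon-separated fields and an escaped space into one value with no comment, so a later edit can easily shift the home or shell field. A line such as `# privsep account -- user:group:uid:gecos:home:shell (home is the chroot, shell is ${NOLOGIN})` above it would help. Per the updated MESSAGE the account is only created when it does not already exist, so a pre-existing `${OPENSSH_USER}` keeps whatever shell, home and group membership it already has; that seems worth a sentence in the MESSAGE or a comment here. `${NOLOGIN}` is not defined in the visible lines and is presumably provided by the pkgsrc infrastructure.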
@@ -50,7 +53,8 @@ CONFIGURE_ARGS+= --mandir=${PREFIX}/${MANDIR} CONFIGURE_ARGS+= --with-pid-dir=${SSH_PID_DIR} CONFIGURE_ARGS+= --with-ssl-dir=${SSLBASE} CONFIGURE_ARGS+= --with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers} -CONFIGURE_ARGS+= --with-privsep-path=/var/chroot/sshd +CONFIGURE_ARGS+= --with-privsep-path=${OPENSSH_CHROOT} +CONFIGURE_ARGS+= --with-privsep-user=${OPENSSH_USER} # XXX: PAM authentication causes memory faults, and I haven't tracked down # XXX: why yet. For the moment, disable PAM authentication. @@ -113,12 +117,14 @@ SUPPORT_FILES= # empty .for FILE in ${SUPPS} SUPPORT_FILES+= ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE} .endfor -OWN_DIRS= /var/chroot/sshd +OWN_DIRS= ${OPENSSH_CHROOT} RCD_SCRIPTS= sshd PLIST_SRC+= ${.CURDIR}/PLIST FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR} MESSAGE_SUBST+= EGDIR=${EGDIR} +MESSAGE_SUBST+= OPENSSH_USER=${OPENSSH_USER} +MESSAGE_SUBST+= OPENSSH_GROUP=${OPENSSH_GROUP} INSTALL_EXTRA_TMPL= ${.CURDIR}/INSTALL .if defined(UPDATE_INTREE_OPENSSH) |
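Review bot: `--with-privsep-user=${OPENSSH_USER}` takes the value unchecked, so a site that sets `OPENSSH_USER=root` (or `OPENSSH_UID=0`) in its configuration would get an sshd whose pre-authentication child does not actually drop privileges. A guard before the `CONFIGURE_ARGS` lines that stops the build when the user is `root` or the UID is `0` would keep a misconfiguration from silently weakening privilege separation. The two values are also passed unquoted, so a path containing whitespace would split into separate configure arguments.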
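Review bot: `OWN_DIRS= ${OPENSSH_CHROOT}` creates the directory, but nothing in this hunk pins its owner or mode, while the defaults file says it must be restricted to root. If the install framework in this tree offers an owner/mode variant of `OWN_DIRS`, using it with root ownership and a mode without group/other write would enforce that requirement rather than only document it. Now that the path is configurable, it is also worth a comment that `OPENSSH_CHROOT` should be a directory dedicated to sshd, since the package treats it as its own. The `.if defined(UPDATE_INTREE_OPENSSH)` block at the end continues outside the hunk.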