summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:36:10 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:36:10 +0000
commitcc3a7011c07bea3a4379c763202f0560eac5871d (patch)
tree4fb1e1d2cfa7426a6caea234c2b3de36bf3d8dcc
parentSetting MaxAuthTries in sshd_config to 3. (diff)
downloadopenssh-cc3a7011c07bea3a4379c763202f0560eac5871d.tar.xz
openssh-cc3a7011c07bea3a4379c763202f0560eac5871d.zip
Renaming ssh group to _ssh (Closes: #990456).
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/openssh-client.postinst19
1 files changed, 16 insertions, 3 deletions
diff --git a/debian/openssh-client.postinst b/debian/openssh-client.postinst
index ec0ad2b..b5fbe51 100644
--- a/debian/openssh-client.postinst
+++ b/debian/openssh-client.postinst
@@ -24,12 +24,22 @@ create_alternatives() {
done
}
+update_ssh_group_name() {
+ # The _ssh group used to be called ssh, but that could clash with
+ # locally-created user accounts. Since this only exists as an
+ # otherwise-empty group to which ssh-agent is installed setgid, it's
+ # easy to rename.
+ if getent group ssh >/dev/null && ! getent group _ssh >/dev/null; then
+ groupmod -n _ssh ssh
+ fi
+}
+
set_ssh_agent_permissions() {
- if ! getent group ssh >/dev/null; then
- addgroup --system --quiet ssh
+ if ! getent group _ssh >/dev/null; then
+ addgroup --system --quiet --force-badname _ssh
fi
if ! dpkg-statoverride --list /usr/bin/ssh-agent >/dev/null; then
- chgrp ssh /usr/bin/ssh-agent
+ chgrp _ssh /usr/bin/ssh-agent
chmod 2755 /usr/bin/ssh-agent
fi
}
@@ -37,6 +47,9 @@ set_ssh_agent_permissions() {
if [ "$action" = configure ]; then
create_alternatives
+ if dpkg --compare-versions "$2" lt-nl 1:8.4p1-6~; then
+ update_ssh_group_name
+ fi
set_ssh_agent_permissions
fi