diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:36:10 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:36:10 +0000 |
commit | cc3a7011c07bea3a4379c763202f0560eac5871d (patch) | |
tree | 4fb1e1d2cfa7426a6caea234c2b3de36bf3d8dcc | |
parent | Setting MaxAuthTries in sshd_config to 3. (diff) | |
download | openssh-cc3a7011c07bea3a4379c763202f0560eac5871d.tar.xz openssh-cc3a7011c07bea3a4379c763202f0560eac5871d.zip |
Renaming ssh group to _ssh (Closes: #990456).
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r-- | debian/openssh-client.postinst | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/debian/openssh-client.postinst b/debian/openssh-client.postinst index ec0ad2b..b5fbe51 100644 --- a/debian/openssh-client.postinst +++ b/debian/openssh-client.postinst @@ -24,12 +24,22 @@ create_alternatives() { done } +update_ssh_group_name() { + # The _ssh group used to be called ssh, but that could clash with + # locally-created user accounts. Since this only exists as an + # otherwise-empty group to which ssh-agent is installed setgid, it's + # easy to rename. + if getent group ssh >/dev/null && ! getent group _ssh >/dev/null; then + groupmod -n _ssh ssh + fi +} + set_ssh_agent_permissions() { - if ! getent group ssh >/dev/null; then - addgroup --system --quiet ssh + if ! getent group _ssh >/dev/null; then + addgroup --system --quiet --force-badname _ssh fi if ! dpkg-statoverride --list /usr/bin/ssh-agent >/dev/null; then - chgrp ssh /usr/bin/ssh-agent + chgrp _ssh /usr/bin/ssh-agent chmod 2755 /usr/bin/ssh-agent fi } @@ -37,6 +47,9 @@ set_ssh_agent_permissions() { if [ "$action" = configure ]; then create_alternatives + if dpkg --compare-versions "$2" lt-nl 1:8.4p1-6~; then + update_ssh_group_name + fi set_ssh_agent_permissions fi |