Hopefully gmail won't mangle the attachment (gmail seems to hate patches... nonetheless...)

SSH is used to automate tasks on remote hosts. There are often special user accounts created for these tasks. Many of those user accounts are locked down for security. Some of those users' home path is '/dev/null'. When this is the case, ssh automated tasks clutter up the logfiles with...

Could not create directory '/dev/null/.ssh'.

...this change checks that the user's home directory is actually a directory and that it is writable by that user before attempting to create the '.ssh' directory. This prevents the error.
From 66a506645e4883315f50c4d7103ec41ba0918423 Mon Sep 17 00:00:00 2001 From: Reuben Hawkins <hreuben@xxxxxxxxxx> Date: Wed, 7 Dec 2016 17:01:49 -0800 Subject: [PATCH] don't always emit '.ssh' create error SSH is used to automate tasks on remote hosts. There are often special user account created for these tasks. Many of those user accounts are locked down for security. Some of those users' home path is '/dev/null'. When this is the case, ssh automated tasks clutter up the logfiles with... Could not create directory '/dev/null/.ssh'. ...this change checks that the user's home directory is actually a directory and that it is writable by that user before attempting to create the '.ssh' directory. This prevents the error. --- ssh.c | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/ssh.c b/ssh.c index 03a23fb..74df861 100644 --- a/ssh.c +++ b/ssh.c 
@@ -1362,23 +1362,33 @@ main(int ac, char **av) /* * Now that we are back to our own permissions, create ~/.ssh - * directory if it doesn't already exist. + * directory if it doesn't already exist. Make sure the home directory + * isn't something like '/dev/null' before attempting to create '.ssh' + * otherwise ssh clutters logfiles when used to automate things for + * users with locked down accounts. */ if (config == NULL) { - r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, - strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); - if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { + if (-1 == stat(pw->pw_dir, &st)) { + /* Stat failed on home folder? */ + error("Could not stat %s: %s", pw->pw_dir, strerror(errno)); + } else if (S_ISDIR(st.st_mode) && 0 == access(pw->pw_dir, W_OK)) { + /* Home folder is a directory and it is writable. */ + r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, + strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); + if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { #ifdef WITH_SELINUX - ssh_selinux_setfscreatecon(buf); + ssh_selinux_setfscreatecon(buf); #endif - if (mkdir(buf, 0700) < 0) - error("Could not create directory '%.200s'.", - buf); + if (mkdir(buf, 0700) < 0) + error("Could not create directory '%.200s'.", + buf); #ifdef WITH_SELINUX - ssh_selinux_setfscreatecon(NULL); + ssh_selinux_setfscreatecon(NULL); #endif + } } } + /* load options.identity_files */ load_public_identity_files(); -- 2.7.2
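Review bot: the new `if (-1 == stat(pw->pw_dir, &st))` branch calls `error("Could not stat %s: %s", ...)`, so every account whose home path does not exist now logs a fresh error on each run. That trades one source of log clutter for another. Consider logging it with `debug()` or skipping the `.ssh` creation silently. The `S_ISDIR(st.st_mode) && 0 == access(pw->pw_dir, W_OK)` test is also a check made before the `mkdir(buf, 0700)` it guards, and the directory can change between the two calls. It also suppresses the existing "Could not create directory" message when a real home directory is unexpectedly not writable, which is a case an administrator may still want reported. Looking at `errno` after a failed `mkdir()` and staying quiet only for the not-a-directory case would keep that signal and avoid the extra `stat()` and `access()` calls. On style, the surrounding code writes comparisons as `stat(buf, &st) < 0`, so the constant-first forms `-1 == stat(...)` and `0 == access(...)` stand out. The extra blank line added before `/* load options.identity_files */` is unrelated to the change, and since the existing lines are re-indented it is worth confirming the new indentation uses tabs like the rest of ssh.c.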
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev