SUMMARY: OpenSsh 3.4 and privilege separation question

From: Christopher L. Barnard <>
Date: Thu Jun 27 2002 - 14:10:56 EDT
I asked:

> As a result of yesterday's CERT announcement, I have downloaded,
> compiled, and installed OpenSsh version 3.4p1 on my Ultra 10 (running
> Solaris 8) testbed.  However, to get it running I had to add two things
> which make a lot of sense, but I have not seen any documentation on what
> permissions are needed.
> Initially, the new sshd did not start up because I hadn't created the
> sshd Privilege Separation user.  So I did.  However, I have not been
> able to find any indication of how that account is to be configured.  I
> created it with * for a password and /bin/false for a shell, but is
> there anything else that needs to be done?
> Next, the new sshd did not start up because I had not created the
> /var/empty chroot jail directory.  So I did.  However, I was again
> unable to find any documentation on the ownership, permissions, etc on
> this directory.  I just created it owned by root, mode 0755.  OpenSsh
> 3.4p1 now appears to work.
> So my question is:  what permissions are needed for the sshd account,
> and what ownership, permissions, etc are needed for the /var/empty
> directory?

The answer:

Although there is no reference to it in the README file, there is a new
README file with version 3.4.  README.privsep has the info I needed.  Now
if only that file was referenced in the INSTALL or main README file.  oh

Thanks To:

Davorin Bengez <>

Vincent <>
Peter Evans <>
Michael Hocke <>
Tim Evans <>
Ramji Venkateswaran <>
David Foster <>
"Pardy, Brian" <>
"Thomas W. Holt Jr." <>
Ben Lindstrom <>
"Olson, John C" <>
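
An added example, not part of the original post and not OpenSSH's own code: a small audit of the two things the question asks about, following the setup commands in OpenSSH's README.privsep (a root-owned /var/empty at mode 755 that contains no files, and an unprivileged sshd user with home /var/empty and shell /bin/false). The function names `check_privsep_dir` and `check_privsep_account` are hypothetical, and requiring exactly /bin/false is this example's choice.

```shell
#!/bin/sh
# Added example: audit a privilege-separation setup (not OpenSSH's own code).

# check_privsep_dir DIR [UID]
# Passes when DIR is a real directory (not a symlink) owned by UID
# (default 0, root), not group- or world-writable, and containing no files.
check_privsep_dir() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "FAIL: $dir is not a real directory"; return 1
    fi
    # ls -ldn prints: mode links uid gid ...
    mode=$(ls -ldn "$dir" | awk '{print $1}')
    uid=$(ls -ldn "$dir" | awk '{print $3}')
    [ "$uid" = "$want_uid" ] || { echo "FAIL: $dir owned by uid $uid"; return 1; }
    case $mode in
        d????w*|d???????w*)   # 6th char = group write, 9th = other write
            echo "FAIL: $dir is group- or world-writable ($mode)"; return 1 ;;
    esac
    [ -z "$(ls -A "$dir")" ] || { echo "FAIL: $dir is not empty"; return 1; }
    echo "OK: $dir ($mode, uid $uid, empty)"
}

# check_privsep_account PASSWD_LINE
# PASSWD_LINE is one passwd-format entry, e.g. "$(getent passwd sshd)".
# Passes when the account is unprivileged (uid != 0), its home is /var/empty
# and its shell is /bin/false (assumption: other invalid shells are rejected).
check_privsep_account() {
    entry=$1
    # awk splits on ':' so a '*' password field is never glob-expanded
    uid=$(printf '%s\n' "$entry" | awk -F: '{print $3}')
    home=$(printf '%s\n' "$entry" | awk -F: '{print $6}')
    shell=$(printf '%s\n' "$entry" | awk -F: '{print $7}')
    [ -n "$uid" ] || { echo "FAIL: no passwd entry"; return 1; }
    [ "$uid" != 0 ] || { echo "FAIL: privsep user has uid 0"; return 1; }
    [ "$home" = /var/empty ] || { echo "FAIL: home is $home"; return 1; }
    [ "$shell" = /bin/false ] || { echo "FAIL: shell is $shell"; return 1; }
    echo "OK: uid $uid, home $home, shell $shell"
}

# Typical use on the host being checked:
#   check_privsep_dir /var/empty
#   check_privsep_account "$(getent passwd sshd)"
```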

