Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 19a66dbf4f929c0d9aa89af5b2282470cfb5726b^! / . / contrib / aix / buildbff.sh
commit19a66dbf4f929c0d9aa89af5b2282470cfb5726b[log] [tgz]
authorDarren Tucker <dtucker@zip.com.au>Sat Sep 09 20:34:15 2006 +1000
committerDarren Tucker <dtucker@zip.com.au>Sat Sep 09 20:34:15 2006 +1000
treee43bd194656f2ea900b922a17d8f3b93560b6688
parent08432d54faf63a2f5f9c264ac8ff6aa343ebeabc [diff] [blame]
 - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user.

diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh
index 09b9c11..03f0d60 100755
--- a/contrib/aix/buildbff.sh
+++ b/contrib/aix/buildbff.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 #
 # buildbff.sh: Create AIX SMIT-installable OpenSSH packages
-# $Id: buildbff.sh,v 1.8 2005/03/29 13:24:12 dtucker Exp $
+# $Id: buildbff.sh,v 1.9 2006/09/09 10:34:15 dtucker Exp $
 #
 # Author: Darren Tucker (dtucker at zip dot com dot au)
 # This file is placed in the public domain and comes with absolutely
@@ -200,33 +200,29 @@
 done
 echo
 
-# Create PrivSep user if PrivSep not disabled in config
-echo Creating PrivSep prereqs if required.
+# Create PrivilegeSeparation user and group if not present
+echo Checking for PrivilegeSeparation user and group.
+if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+then
+	echo "PrivSep group $SSH_PRIVSEP_USER already exists."
+else
+	echo "Creating PrivSep group $SSH_PRIVSEP_USER."
+	mkgroup -A $SSH_PRIVSEP_USER
+fi
+
+# Create user if required
+if lsuser "$SSH_PRIVSEP_USER" >/dev/null
+then
+	echo "PrivSep user $SSH_PRIVSEP_USER already exists."
+else
+	echo "Creating PrivSep user $SSH_PRIVSEP_USER."
+	mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
+fi
+
 if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
 then
-	echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user,"
-	echo "group or chroot directory."
+	echo UsePrivilegeSeparation not enabled, privsep directory not required.
 else
-	echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
-
-	# create group if required
-	if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
-	then
-		echo "PrivSep group $SSH_PRIVSEP_USER already exists."
-	else
-		echo "Creating PrivSep group $SSH_PRIVSEP_USER."
-		mkgroup -A $SSH_PRIVSEP_USER
-	fi
-
-	# Create user if required
-	if lsuser "$SSH_PRIVSEP_USER" >/dev/null
-	then
-		echo "PrivSep user $SSH_PRIVSEP_USER already exists."
-	else
-		echo "Creating PrivSep user $SSH_PRIVSEP_USER."
-		mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
-	fi
-
 	# create chroot directory if required
 	if [ -d $PRIVSEP_PATH ]
 	then