1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-19 13:22:42 +01:00

Include directory-ownership note in sshd setup instructions

Summary: Fixes T9560. We suggest a root-owned location, but users who choose their own location instead can run into trouble.

Test Plan:
  - Changed parent directory to have an non-root owner, verified that `ssh` no longer worked.
  - Changed parent directory back to a root owner, verified `ssh` worked again.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9560

Differential Revision: https://secure.phabricator.com/D15794
This commit is contained in:
epriestley 2016-04-25 05:36:50 -07:00
parent aa9395e38f
commit 623ed1f434

View file

@ -200,10 +200,16 @@ There are three major steps:
**Create `phabricator-ssh-hook.sh`**: Copy the template in **Create `phabricator-ssh-hook.sh`**: Copy the template in
`phabricator/resources/sshd/phabricator-ssh-hook.sh` to somewhere like `phabricator/resources/sshd/phabricator-ssh-hook.sh` to somewhere like
`/usr/libexec/phabricator-ssh-hook.sh` and edit it to have the correct `/usr/libexec/phabricator-ssh-hook.sh` and edit it to have the correct
settings. Then make it owned by `root` and restrict editing: settings.
sudo chown root /path/to/phabricator-ssh-hook.sh Both the script itself **and** the parent directory the script resides in must
sudo chmod 755 /path/to/phabricator-ssh-hook.sh be owned by `root`, and the script must have `755` permissions:
```
$ sudo chown root /path/to/somewhere/
$ sudo chown root /path/to/somewhere/phabricator-ssh-hook.sh
$ sudo chmod 755 /path/to/somewhere/phabricator-ssh-hook.sh
```
If you don't do this, `sshd` will refuse to execute the hook. If you don't do this, `sshd` will refuse to execute the hook.