mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-19 13:22:42 +01:00
Include directory-ownership note in sshd
setup instructions
Summary: Fixes T9560. We suggest a root-owned location, but users who choose their own location instead can run into trouble. Test Plan: - Changed parent directory to have an non-root owner, verified that `ssh` no longer worked. - Changed parent directory back to a root owner, verified `ssh` worked again. Reviewers: chad Reviewed By: chad Maniphest Tasks: T9560 Differential Revision: https://secure.phabricator.com/D15794
This commit is contained in:
parent
aa9395e38f
commit
623ed1f434
1 changed files with 9 additions and 3 deletions
|
@ -200,10 +200,16 @@ There are three major steps:
|
||||||
**Create `phabricator-ssh-hook.sh`**: Copy the template in
|
**Create `phabricator-ssh-hook.sh`**: Copy the template in
|
||||||
`phabricator/resources/sshd/phabricator-ssh-hook.sh` to somewhere like
|
`phabricator/resources/sshd/phabricator-ssh-hook.sh` to somewhere like
|
||||||
`/usr/libexec/phabricator-ssh-hook.sh` and edit it to have the correct
|
`/usr/libexec/phabricator-ssh-hook.sh` and edit it to have the correct
|
||||||
settings. Then make it owned by `root` and restrict editing:
|
settings.
|
||||||
|
|
||||||
sudo chown root /path/to/phabricator-ssh-hook.sh
|
Both the script itself **and** the parent directory the script resides in must
|
||||||
sudo chmod 755 /path/to/phabricator-ssh-hook.sh
|
be owned by `root`, and the script must have `755` permissions:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ sudo chown root /path/to/somewhere/
|
||||||
|
$ sudo chown root /path/to/somewhere/phabricator-ssh-hook.sh
|
||||||
|
$ sudo chmod 755 /path/to/somewhere/phabricator-ssh-hook.sh
|
||||||
|
```
|
||||||
|
|
||||||
If you don't do this, `sshd` will refuse to execute the hook.
|
If you don't do this, `sshd` will refuse to execute the hook.
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue