package/openssh: Add sysusers.d snippet
authorChris Lesiak <chris.lesiak@licor.com>
Wed, 6 Feb 2019 16:36:39 +0000 (16:36 +0000)
committerArnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Wed, 6 Feb 2019 17:03:51 +0000 (18:03 +0100)
Whether using the new sysusers.d snippet, or adding an entry to
/etc/passwd, set the service's home directory to /var/empty.
See README.privsep included as part of the openssh distribution.

Signed-off-by: Chris Lesiak <chris.lesiak@licor.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
package/openssh/openssh.mk
package/openssh/sshd-sysusers.conf [new file with mode: 0644]

index 4781cd3fbc9d04fa52de1fcb013023b162730626..4fef5caedb0142df38ce0b163604534d925acc3f 100644 (file)
@@ -19,10 +19,6 @@ OPENSSH_CONF_OPTS = \
        --disable-wtmpx \
        --disable-strip
 
-define OPENSSH_USERS
-       sshd -1 sshd -1 * - - - SSH drop priv user
-endef
-
 define OPENSSH_PERMISSIONS
        /var/empty d 755 root root - - - - -
 endef
@@ -61,12 +57,24 @@ else
 OPENSSH_CONF_OPTS += --without-selinux
 endif
 
+ifeq ($(BR2_PACKAGE_SYSTEMD_SYSUSERS),y)
+define OPENSSH_INSTALL_SYSTEMD_SYSUSERS
+       $(INSTALL) -m 0644 -D package/openssh/sshd-sysusers.conf \
+               $(TARGET_DIR)/usr/lib/sysusers.d/sshd.conf
+endef
+else
+define OPENSSH_USERS
+       sshd -1 sshd -1 * /var/empty - - SSH drop priv user
+endef
+endif
+
 define OPENSSH_INSTALL_INIT_SYSTEMD
        $(INSTALL) -D -m 644 package/openssh/sshd.service \
                $(TARGET_DIR)/usr/lib/systemd/system/sshd.service
        mkdir -p $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants
        ln -fs ../../../../usr/lib/systemd/system/sshd.service \
                $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/sshd.service
+       $(OPENSSH_INSTALL_SYSTEMD_SYSUSERS)
 endef
 
 define OPENSSH_INSTALL_INIT_SYSV
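Review bot: With `BR2_PACKAGE_SYSTEMD_SYSUSERS=y` the `OPENSSH_USERS` entry is no longer defined, so as far as this hunk shows the sshd privilege-separation account is absent from the image's /etc/passwd at build time. It would exist only once systemd-sysusers has processed `/usr/lib/sysusers.d/sshd.conf` on the target. If that step cannot write the user database (for example on a read-only root filesystem, which is an assumption and not visible here), sshd would not find its unprivileged user. I would add a comment above the `ifeq`, such as `# sshd privsep user: created at boot by systemd-sysusers when enabled, else via the users table`, and confirm the read-only case is covered. The hunk starts inside an earlier `else`/`endif` and ends at the opening of `OPENSSH_INSTALL_INIT_SYSV`, whose body is outside it.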
diff --git a/package/openssh/sshd-sysusers.conf b/package/openssh/sshd-sysusers.conf
new file mode 100644 (file)
index 0000000..ac77aec
--- /dev/null
@@ -0,0 +1 @@
+u sshd - "SSH drop priv user" /var/empty
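Review bot: The new file has no comment tying its single `u sshd` line to the `OPENSSH_USERS` entry in openssh.mk, so the two definitions of the same account can drift apart in home directory or description. A header line such as `# sshd privilege-separation user; keep in sync with OPENSSH_USERS in openssh.mk (home /var/empty, see README.privsep)` would document that. The line also leaves the UID as `-` and gives no shell field, relying on sysusers defaults. That looks intended, but saying so in the comment would help reviewers of later changes.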