* [PATCH] openssh: add After dependencies on nss-user-lookup.target
@ 2024-04-17 11:45 Rasmus Villemoes
0 siblings, 0 replies; only message in thread
From: Rasmus Villemoes @ 2024-04-17 11:45 UTC (permalink / raw)
To: openembedded-core; +Cc: Richard Purdie, Alexandre Belloni, Rasmus Villemoes
From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Quoting 'man systemd.special':
nss-user-lookup.target
A target that should be used as synchronization point for all
regular UNIX user/group name service lookups. [...] All services
for which the availability of the full user/group database is
essential should be ordered after this target, but not pull it
in. All services which provide parts of the user/group database
should be ordered before this target, and pull it in.
When no service providing parts of the user/group database exists and
thus pulls in the nss-user-lookup.target, this added dependency is a
no-op.
However, when such a service does exist, and e.g. modifies /etc/shadow
to change password or enable/disable certain accounts, it is essential
that no ssh connections are accepted until those changes are made.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
---
meta/recipes-connectivity/openssh/openssh/sshd.service | 1 +
meta/recipes-connectivity/openssh/openssh/sshd.socket | 1 +
2 files changed, 2 insertions(+)
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.service b/meta/recipes-connectivity/openssh/openssh/sshd.service
index 2a997b656a..3e570ab1e5 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd.service
+++ b/meta/recipes-connectivity/openssh/openssh/sshd.service
@@ -2,6 +2,7 @@
Description=OpenSSH server daemon
Wants=sshdgenkeys.service
After=sshdgenkeys.service
+After=nss-user-lookup.target
[Service]
Environment="SSHD_OPTS="
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket b/meta/recipes-connectivity/openssh/openssh/sshd.socket
index 8d76d62309..7dd2ed0626 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd.socket
+++ b/meta/recipes-connectivity/openssh/openssh/sshd.socket
@@ -1,6 +1,7 @@
[Unit]
Conflicts=sshd.service
Wants=sshdgenkeys.service
+After=nss-user-lookup.target
[Socket]
ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd
--
2.40.1.1.g1c60b9335d
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2024-04-17 11:45 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-17 11:45 [PATCH] openssh: add After dependencies on nss-user-lookup.target Rasmus Villemoes
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.