All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] openssh: add After dependencies on nss-user-lookup.target
@ 2024-04-17 11:45 Rasmus Villemoes
  0 siblings, 0 replies; only message in thread
From: Rasmus Villemoes @ 2024-04-17 11:45 UTC (permalink / raw)
  To: openembedded-core; +Cc: Richard Purdie, Alexandre Belloni, Rasmus Villemoes

From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>

Quoting 'man systemd.special':

  nss-user-lookup.target

    A target that should be used as synchronization point for all
    regular UNIX user/group name service lookups. [...] All services
    for which the availability of the full user/group database is
    essential should be ordered after this target, but not pull it
    in. All services which provide parts of the user/group database
    should be ordered before this target, and pull it in.

When no service providing parts of the user/group database exists and
thus pulls in the nss-user-lookup.target, this added dependency is a
no-op.

However, when such a service does exist, and e.g. modifies /etc/shadow
to change password or enable/disable certain accounts, it is essential
that no ssh connections are accepted until those changes are made.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
---
 meta/recipes-connectivity/openssh/openssh/sshd.service | 1 +
 meta/recipes-connectivity/openssh/openssh/sshd.socket  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.service b/meta/recipes-connectivity/openssh/openssh/sshd.service
index 2a997b656a..3e570ab1e5 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd.service
+++ b/meta/recipes-connectivity/openssh/openssh/sshd.service
@@ -2,6 +2,7 @@
 Description=OpenSSH server daemon
 Wants=sshdgenkeys.service
 After=sshdgenkeys.service
+After=nss-user-lookup.target
 
 [Service]
 Environment="SSHD_OPTS="
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket b/meta/recipes-connectivity/openssh/openssh/sshd.socket
index 8d76d62309..7dd2ed0626 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd.socket
+++ b/meta/recipes-connectivity/openssh/openssh/sshd.socket
@@ -1,6 +1,7 @@
 [Unit]
 Conflicts=sshd.service
 Wants=sshdgenkeys.service
+After=nss-user-lookup.target
 
 [Socket]
 ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd
-- 
2.40.1.1.g1c60b9335d



^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2024-04-17 11:45 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-17 11:45 [PATCH] openssh: add After dependencies on nss-user-lookup.target Rasmus Villemoes

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.