diff options
| author | Rasmus Villemoes <rasmus.villemoes@prevas.dk> | 2024-04-17 13:45:20 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-04-25 10:19:28 +0100 |
| commit | 89204a0114c1d46626a2439389f9c0a760dbb8d0 (patch) | |
| tree | 753a2a01a709d3b797376017812450c22d049334 /meta | |
| parent | 8aa5d31184fac2ee5ad26ff130f98c751e8ae4c6 (diff) | |
| download | poky-89204a0114c1d46626a2439389f9c0a760dbb8d0.tar.gz | |
openssh: add After dependencies on nss-user-lookup.target
Quoting 'man systemd.special':
nss-user-lookup.target
A target that should be used as synchronization point for all
regular UNIX user/group name service lookups. [...] All services
for which the availability of the full user/group database is
essential should be ordered after this target, but not pull it
in. All services which provide parts of the user/group database
should be ordered before this target, and pull it in.
When no service providing parts of the user/group database exists and
thus pulls in the nss-user-lookup.target, this added dependency is a
no-op.
However, when such a service does exist, and e.g. modifies /etc/shadow
to change password or enable/disable certain accounts, it is essential
that no ssh connections are accepted until those changes are made.
(From OE-Core rev: 365b5490f3b12772ed57a6bcfd1e0e8a91185afc)
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
| -rw-r--r-- | meta/recipes-connectivity/openssh/openssh/sshd.service | 1 | ||||
| -rw-r--r-- | meta/recipes-connectivity/openssh/openssh/sshd.socket | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.service b/meta/recipes-connectivity/openssh/openssh/sshd.service index 2a997b656a..3e570ab1e5 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd.service +++ b/meta/recipes-connectivity/openssh/openssh/sshd.service | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | Description=OpenSSH server daemon | 2 | Description=OpenSSH server daemon |
| 3 | Wants=sshdgenkeys.service | 3 | Wants=sshdgenkeys.service |
| 4 | After=sshdgenkeys.service | 4 | After=sshdgenkeys.service |
| 5 | After=nss-user-lookup.target | ||
| 5 | 6 | ||
| 6 | [Service] | 7 | [Service] |
| 7 | Environment="SSHD_OPTS=" | 8 | Environment="SSHD_OPTS=" |
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket b/meta/recipes-connectivity/openssh/openssh/sshd.socket index 8d76d62309..7dd2ed0626 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd.socket +++ b/meta/recipes-connectivity/openssh/openssh/sshd.socket | |||
| @@ -1,6 +1,7 @@ | |||
| 1 | [Unit] | 1 | [Unit] |
| 2 | Conflicts=sshd.service | 2 | Conflicts=sshd.service |
| 3 | Wants=sshdgenkeys.service | 3 | Wants=sshdgenkeys.service |
| 4 | After=nss-user-lookup.target | ||
| 4 | 5 | ||
| 5 | [Socket] | 6 | [Socket] |
| 6 | ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd | 7 | ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd |