Package: openssh-server Version: 1:5.9p1-5 Severity: normal Tags: patch Separation of static and dynamic motd components ================================================
Currently initscripts generates the motd, and stores it in /var/run/motd. /etc/motd is a symlink to this file, and /etc/motd.tail contains the static user-editable part. This is not ideal for a number of reasons, including /etc/motd not being a file as documented, and not behaving like a conffile, and being generally complex and confusing. It also unnecessarily wastes space on /run. In a future upload of initscripts, this will be simplified: - /etc/motd will contain the user-editable part, and will be a regular file; /etc/motd.tail will be migrated here. - The dynamic part (uname -a) will be stored in /run/motd.dynamic; this will be generated at boot like we do now. There is scope for supporting other dynamically generated info in the future, should there ever be any demand for that, but for now we are simply going to retain the existing behaviour. Users can extend this should they wish. This does require two separate pam_motd lines in your pam service file, one for the dynamic and one for the static parts (patch attached). Enabling the use of /run/motd.dynamic before I create it in initscripts is harmless, and it means we can seamlessly switch over once you have made this change. Thanks, Roger -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (550, 'unstable'), (500, 'testing'), (400, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages openssh-server depends on: ii adduser 3.113+nmu1 ii debconf [debconf-2.0] 1.5.42 ii dpkg 1.16.2 ii libc6 2.13-30 ii libcomerr2 1.42.2-2 ii libgssapi-krb5-2 1.10+dfsg~beta1-2 ii libkrb5-3 1.10+dfsg~beta1-2 ii libpam-modules 1.1.3-7 ii libpam-runtime 1.1.3-7 ii libpam0g 1.1.3-7 ii libselinux1 2.1.9-4 ii libssl1.0.0 1.0.1-4 ii libwrap0 7.6.q-23 ii lsb-base 4.1+Debian0 ii openssh-client 1:5.9p1-5 ii procps 1:3.3.2-3 ii zlib1g 1:1.2.6.dfsg-2 Versions of packages openssh-server recommends: ii openssh-blacklist 0.4.1 ii openssh-blacklist-extra 0.4.1 ii xauth 1:1.0.6-1 Versions of packages openssh-server suggests: pn molly-guard <none> pn monkeysphere <none> pn rssh <none> pn ssh-askpass 1:1.2.4.1-9 pn ufw <none> -- debconf information excluded
diff -urN openssh-5.9p1.original/debian/openssh-server.sshd.pam openssh-5.9p1/debian/openssh-server.sshd.pam --- openssh-5.9p1.original/debian/openssh-server.sshd.pam 2010-08-23 23:07:51.000000000 +0100 +++ openssh-5.9p1/debian/openssh-server.sshd.pam 2012-04-21 09:48:09.441916691 +0100 @@ -24,6 +24,9 @@ @include common-session # Print the message of the day upon successful login. +# This includes a dynamically generated part from /run/motd.dynamic +# and a static (admin-editable) part from /etc/motd. +session optional pam_motd.so motd=/run/motd.dynamic session optional pam_motd.so # [1] # Print the status of the user's mailbox upon successful login.
