Micah Anderson <[email protected]> writes: > If you add the option ProtectSystem=yes to the service file, then the > daemon will not have the ability to write to /usr.
How does this interact with the OpenSSH daemon, which spawns user shells? I was (blindly) assuming that these security settings would be inherited by all child processes of the spawned process, so you'd end up with shells that also had read-only /usr, possibly interfering with later sudo, su, or other similar operations. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
