Hi Darren, Thanks for your clarifications -
On March 21, 2018 6:50 PM, Darren Tucker <[email protected]> wrote: .. > > - Steps 1 up to 4 are run as root by the sshd child, > > - login(1) is execve:ed at step "4. Changes to run with normal user > > privileges.", and it will > > login isn't used at all. On OpenBSD, sshd calls the equivalent > functions in session.c:do_setusercontext(). On other platforms > exactly what happens varies depending on platform and configuration > but it's roughly the same. Ah, the setusercontext(3) calls in session.c:do_setusercontext() both effectuate login class (login.conf) settings and set uid/gid. Neat! http://man.openbsd.org/setusercontext.3 https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c Thanks, Tinker
