done
echo
-# Create PrivSep user if PrivSep not disabled in config
-echo Creating PrivSep prereqs if required.
-if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
+# Create PrivilegeSeparation user and group if not present
+echo Checking for PrivilegeSeparation user and group.
+if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
then
- echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user,"
- echo "group or chroot directory."
+ echo "PrivSep group $SSH_PRIVSEP_USER already exists."
else
- echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
-
- # create group if required
- if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
- then
- echo "PrivSep group $SSH_PRIVSEP_USER already exists."
- else
- echo "Creating PrivSep group $SSH_PRIVSEP_USER."
- mkgroup -A $SSH_PRIVSEP_USER
- fi
+ echo "Creating PrivSep group $SSH_PRIVSEP_USER."
+ mkgroup -A $SSH_PRIVSEP_USER
+fi
- # Create user if required
- if lsuser "$SSH_PRIVSEP_USER" >/dev/null
- then
- echo "PrivSep user $SSH_PRIVSEP_USER already exists."
- else
- echo "Creating PrivSep user $SSH_PRIVSEP_USER."
- mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
- fi
+# Create user if required
+if lsuser "$SSH_PRIVSEP_USER" >/dev/null
+then
+ echo "PrivSep user $SSH_PRIVSEP_USER already exists."
+else
+ echo "Creating PrivSep user $SSH_PRIVSEP_USER."
+ mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
+fi
+if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
+then
+ echo UsePrivilegeSeparation not enabled, privsep directory not required.
+else
# create chroot directory if required
if [ -d $PRIVSEP_PATH ]
then