Hi Yann,

Yann Dupont <yann.dup...@univ-nantes.fr> writes:

> Hi everyone, the patch eab097c682ed31efd8668f46fce8de8f73b92849 causes sshd
> to now use /var/empty as a chroot directory.
> sshd expects /var/empty to belong to root and with reduced write permissions.
>
> Unfortunately, when the nslcd service is also present on the system, it
> creates a user whose home directory is also /var/empty, which
> in this case belongs to the nslcd user.
>
> In this case, sshd refuses to start.
>
> I think the patch eab097c682ed31efd8668f46fce8de8f73b92849 is correct, and
> that nslcd should be changed to create /var/empty
> with the directory property set to root. But I don't know if there are any
> side effects to worry about with nslcd?
>
> (I think the relevant code is in: services/authentication.scm), in (define
> %nslcd-accounts)
>
> ...
>
> (home-directory "/var/empty")

Check activate-users+groups in (gnu build activation). It should've adjusted directory permissions and ownership on /var/empty. There are many more accounts having /var/empty as the home dir (e.g. guixbuilder, guix-daemon accounts). Looks quite suspicious that in your case the dir belongs to nslcd.

Could you try to reconfigure the system and see if the permissions get fixed?