> I found another interesting wrinkle. It appears this issue seems to > only affect diskless CPU servers. I'm able to SSH successfully to my > auth and file servers.
Mystery solved! It turns out this was the same issue Cinap fixed in auth/as last year. sshsession was inheriting the host owner factotum after capuse, which was leading to breakage on hosts other than the file server. I've attached (and submitted to 9legacy) a patch to address the issue in the Labs implementation. To wit, I was able to duplicate this issue on every implementation of SSH v2 that's available. Cheers, Steve ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/Ta343100f1654631e-M32b0c9ee1d3d680c6ba88ca5 Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
This patch corrects non-host owner filesystem permissions in sshsession. Prior to these changes, SSH sessions would inherit the host owner factotum, which lead to incorrect permissions on hosts other than the file server. These changes are similar to those submitted by Cinap Lenrek to address a related issue in auth/as: https://git.9front.org/plan9front/plan9front/55a0abdd439964793a5ebceb23776d162a0436d2/patch --- /n/sources/plan9/sys/src/cmd/ssh2/sshsession.c Sun May 6 14:55:41 2012 +++ /sys/src/cmd/ssh2/sshsession.c Thu Dec 8 17:14:10 2022 @@ -89,6 +89,27 @@ } /* + * mount factotum after auth + */ +static void +mountfactotum(int ctlfd) +{ + int fd; + + fd = open("/srv/factotum", ORDWR); + if (fd < 0) { + syslog(0, "ssh", "can't open /srv/factotum: %r"); + hangup(ctlfd); + exits("open"); + } + if (mount(fd, -1, "/mnt", MREPL, "") < 0) { + syslog(0, "ssh", "can't mount /srv/factotum in /mnt: %r"); + hangup(ctlfd); + exits("can't mount"); + } +} + +/* * mount tunnel if there isn't one visible. */ static void @@ -135,6 +156,7 @@ return 0; auth(buf, n, ctlfd); + mountfactotum(ctlfd); p = strchr(buf, '@'); if (p == nil)