On Sun, 01 Jul 2012, Marc Haber wrote: > > Yes, but it's user configuration not system configuration. > > A system user's .ssh is user configuration?
If it is intended to be manipulated by the local admin, yes, and it would belong in /etc somewhere. > > If you do want to have that as configuration in /etc, I'd > > suggest symlinking it from /var/lib/foo to /etc/foo/authorized_keys > > (or vice versa), like e.g. postgresql handles cluster configuration. > > Can you give a more visible example? Should /etc/foo/authorized_keys > be a symlink to /var/lib/foo/home/.ssh/authorized_keys? I don't think > that circumvents the FHS forbidding configuration in /var/lib just by > making it accessible through /etc. No. The real file goes in /etc, the symlink goes in /var/lib. But you may need very tight permissions in the directory that hosts these to have sshd tolerate it, if it will work at all. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120701153641.gg2...@khazad-dum.debian.net