Micah Anderson <mi...@debian.org> writes:

> If you add the option ProtectSystem=yes to the service file, then the
> daemon will not have the ability to write to /usr.

How does this interact with the OpenSSH daemon, which spawns user shells?
I was (blindly) assuming that these security settings would be inherited
by all child processes of the spawned process, so you'd end up with shells
that also had read-only /usr, possibly interfering with later sudo, su, or
other similar operations.

-- 
Russ Allbery (r...@debian.org)               <http://www.eyrie.org/~eagle/>
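
Added example, not part of the original message: systemd applies ProtectSystem= through a per-service mount namespace, so one way to check the assumption above on a running system is to compare the mount namespace and the /usr mount flags of the service's main PID with those of a process started from it. The function names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the mount view of a service's main process with
# that of a process descended from it (for instance a login shell).
# Reading another user's /proc/<pid>/ns/mnt normally requires root.

# Print "ro" or "rw" for path $1, given mountinfo text on stdin.
# The longest mount point containing the path wins; on a tie the later
# line wins, because later mounts shadow earlier ones.
mount_is_ro() {
  awk -v p="$1" '
    { mp = $5   # field 5 = mount point, field 6 = per-mount options
      if ((mp == "/" || p == mp || index(p, mp "/") == 1) && length(mp) >= best) {
        best = length(mp); opts = $6 } }
    END { r = (opts ~ /(^|,)ro(,|$)/) ? "ro" : "rw"; print r }'
}

# Succeed if PIDs $1 and $2 are in the same mount namespace.
same_mnt_ns() {
  [ "$(readlink "/proc/$1/ns/mnt")" = "$(readlink "/proc/$2/ns/mnt")" ]
}

# Report for a service PID ($1) and a descendant PID ($2).
report() {
  for pid in "$1" "$2"; do
    printf 'pid %s: ns=%s /usr=%s\n' "$pid" \
      "$(readlink "/proc/$pid/ns/mnt")" \
      "$(mount_is_ro /usr < "/proc/$pid/mountinfo")"
  done
  if same_mnt_ns "$1" "$2"; then echo "same mount namespace"
  else echo "different mount namespaces"; fi
}

# Constructed sample: mountinfo lines with a read-only bind mount on /usr.
SAMPLE_MOUNTINFO='22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
310 22 8:1 /usr /usr ro,relatime shared:2 - ext4 /dev/sda1 rw'

# Run against real PIDs only when two are given on the command line.
if [ "$#" -eq 2 ]; then report "$1" "$2"; fi
```

Run it as root with the daemon's main PID and the PID of a shell from an SSH session; identical namespace links and "ro" for both mean the shell sees the same read-only /usr as the daemon.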


Archive: https://lists.debian.org/87tx1groyx....@hope.eyrie.org