I'm writing a role for Ansible to automate the setup and installation of Sparkleshare, with the host on a Fedora 32 Raspberry Pi. I set up a system account with the ansible field create_home set to false. This prevents the directory from being created on user creation, but does continue to have "/home/sparkle" (sparkle being the username) set as the home dir in the /etc/passwd file. When I ran Dazzle setup, I set DAZZLE_HOME=/opt/sparkleshare/sparkle-home. Dazzle continues and appears to be successful with its installation. I linked a client, but the client failed to connect via SSH permission denied. It dawned on me the client id was registered to the dazzle home location, but sshd is authorizing keys based on the home that's in written in the /etc/passwd file. Updating /etc/password allowed me to ssh as sparkle.
What I expected to happen:
With an API to provide the user/group and home, I generally assumed it were up to me to set them up as a pre-requisite, but there are obviously a number of edge cases here that can cause problems. Possibly an assertion in Dazzle that confirms the DAZZLE_HOME is actually where sshd is going to look for the authorized keys would be an improvement that could prevent this, or at least error out with an explicit reason.
This happens when:
Steps described above.
Thanks for reporting your issue or feature request, it helps lots!
OS: Fedora 32 Raspberry Pi
What happened:
I'm writing a role for Ansible to automate the setup and installation of Sparkleshare, with the host on a Fedora 32 Raspberry Pi. I set up a system account with the ansible field
create_homeset to false. This prevents the directory from being created on user creation, but does continue to have "/home/sparkle" (sparkle being the username) set as the home dir in the /etc/passwd file. When I ran Dazzle setup, I setDAZZLE_HOME=/opt/sparkleshare/sparkle-home. Dazzle continues and appears to be successful with its installation. I linked a client, but the client failed to connect via SSH permission denied. It dawned on me the client id was registered to the dazzle home location, but sshd is authorizing keys based on the home that's in written in the /etc/passwd file. Updating /etc/password allowed me to ssh assparkle.What I expected to happen:
With an API to provide the user/group and home, I generally assumed it were up to me to set them up as a pre-requisite, but there are obviously a number of edge cases here that can cause problems. Possibly an assertion in Dazzle that confirms the DAZZLE_HOME is actually where sshd is going to look for the authorized keys would be an improvement that could prevent this, or at least error out with an explicit reason.
This happens when:
Steps described above.
Thanks for reporting your issue or feature request, it helps lots!