From nobody Thu Dec 05 23:58:07 2024 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Y4BDm5b5Dz5fvT0 for ; Thu, 05 Dec 2024 23:58:48 +0000 (UTC) (envelope-from dewayne@heuristicsystems.com.au) Received: from heuristicsystems.com.au (hermes.heuristicsystems.com.au [203.41.22.115]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2560 bits) client-digest SHA256) (Client CN "hermes.heuristicsystems.com.au", Issuer "Heuristic Systems Type 4 Host CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Y4BDm0y3Dz4nDJ; Thu, 5 Dec 2024 23:58:47 +0000 (UTC) (envelope-from dewayne@heuristicsystems.com.au) Authentication-Results: mx1.freebsd.org; none Received: from [10.0.5.4] (bigears.hs [10.0.5.4]) (authenticated bits=0) by heuristicsystems.com.au (8.15.2/8.15.2) with ESMTPA id 4B5Nw7Sr097411; Fri, 6 Dec 2024 10:58:12 +1100 (AEDT) (envelope-from dewayne@heuristicsystems.com.au) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=heuristicsystems.com.au; s=hsa; t=1733443093; x=1734047894; bh=gWR8Dy6o+kF26jH8vHlT9M9CAqBSjJIulWkB3kiqZic=; h=Message-ID:Date:Subject:To:Cc:From; b=JtXMeWhOSPMt1nuLg2wlw8enbOdmBltZC96s9S1g6B/TfW/E4RS3t6kc/n3bwWqKd tfNOhyVh6MCzj1uR6CSrDq2KsVU622QSUgjP+EFtTyBkqivxfWrUT1pMT9uhyHGZYi l4sC2ZbSAZYO3F5/9fLL7HEpUGe7fd5HA3r5khF13hgWTKpoS0j4B X-Authentication-Warning: b3.hs: Host bigears.hs [10.0.5.4] claimed to be [10.0.5.4] Message-ID: Date: Fri, 6 Dec 2024 10:58:07 +1100 List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-questions@freebsd.org Sender: owner-freebsd-questions@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Do we need both /nonexistent and /var/empty in /etc/passwd? To: =?UTF-8?Q?Dag-Erling_Sm=C3=B8rgrav?= , Arthur Chance Cc: questions@freebsd.org References: <41641e69-c7b4-4558-8d2c-e6f70906c893@heuristicsystems.com.au> <9c3177d2-9b98-4049-b775-0d969d604b89@heuristicsystems.com.au> <86h67icx07.fsf@ltc.des.dev> Content-Language: en-GB From: Dewayne Geraghty In-Reply-To: <86h67icx07.fsf@ltc.des.dev> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:1221, ipnet:203.40.0.0/13, country:AU] X-Rspamd-Queue-Id: 4Y4BDm0y3Dz4nDJ X-Spamd-Bar: ---- Thank-you for your advice. After monitoring ktrace -f /tmp/sshd-empty.dmp /usr/sbin/sshd -d -e /var/empty is used. My time will be better spent learning how sshd (& dovecot) use /var/empty for priv separation. :) Kind regards, Dewayne PS I'm making a very small footprint 14.2S system, clearly /var/empty is critical for a functioning sshd.