From owner-freebsd-questions@FreeBSD.ORG  Fri Aug 22 07:18:56 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 9208797C
 for <freebsd-questions@freebsd.org>; Fri, 22 Aug 2014 07:18:56 +0000 (UTC)
Received: from blue.qeng-ho.org (blue.qeng-ho.org [217.155.128.241])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2842D3DB9
 for <freebsd-questions@freebsd.org>; Fri, 22 Aug 2014 07:18:55 +0000 (UTC)
Received: from fileserver.home.qeng-ho.org (localhost [127.0.0.1])
 by fileserver.home.qeng-ho.org (8.14.7/8.14.5) with ESMTP id s7M7IiU1040515;
 Fri, 22 Aug 2014 08:18:46 +0100 (BST)
 (envelope-from freebsd@qeng-ho.org)
Message-ID: <53F6EED4.5050505@qeng-ho.org>
Date: Fri, 22 Aug 2014 08:18:44 +0100
From: Arthur Chance <freebsd@qeng-ho.org>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: John Case <case@SDF.ORG>
Subject: Re: Did /nonexistent go away in FreeBSD 9 ?
References: <Pine.NEB.4.64.1408192023410.7410@faeroes.freeshell.org>
 <53F59BD2.8010902@qeng-ho.org>
 <Pine.NEB.4.64.1408212027070.26741@faeroes.freeshell.org>
In-Reply-To: <Pine.NEB.4.64.1408212027070.26741@faeroes.freeshell.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Aug 2014 07:18:56 -0000

On 21/08/2014 21:29, John Case wrote:
>
> On Thu, 21 Aug 2014, Arthur Chance wrote:
>
>>> I also have securelevel=2 ...
>>>
>>> So, did something change with /nonexistent in FreeBSD 9, or does
>>> securelevel=2 screw this up somehow ??
>>
>> The entire point about /nonexistent is that it is nonexistent.
>
>
> The problem was the securelevel=2.
>
> If you have securelevel=2 set, the username for an ssh tunnel cannot log
> in and set up the tunnel with a shell of /nonexistent.
>
> I have no idea why - ssh tunnel failed with a message taht the home
> directory did not exist ... which is correct, since it shouldn't exist.
>
> I removed the securelevel setting and it worked perfectly (the ssh tunnel).
>
> I have no idea why the securelevel setting would cause this...
>
> Any ideas ?  I would actually like to set securelevel=2, but I also need
> my ssh tunnel to work ...

How about setting the home directory to /var/empty? It exists but has 
the schg flag set so cannot have any entries created in it. IIRC it's 
used by various daemons that need a directory to chdir to but which 
shouldn't write to it, which sounds like your use case.