- djm@cvs.openbsd.org 2009/11/10 02:58:56

     [sshd_config.5]
     clarify that StrictModes does not apply to ChrootDirectory. Permissions
     and ownership are always checked when chrooting. bz#1532

2 files changed, 9 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 712a9caf5..604b5d773 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -43,6 +43,10 @@
      [ssh_config.5]
      explain the constraints on LocalCommand some more so people don't
      try to abuse it.
+   - djm@cvs.openbsd.org 2009/11/10 02:58:56
+     [sshd_config.5]
+     clarify that StrictModes does not apply to ChrootDirectory. Permissions
+     and ownership are always checked when chrooting. bz#1532
 
 20091226
  - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1
diff --git a/sshd_config.5 b/sshd_config.5
index 7e7c6f855..e54e70079 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.111 2009/10/28 21:45:08 jmc Exp $
-.Dd $Mdocdate: October 28 2009 $
+.\" $OpenBSD: sshd_config.5,v 1.112 2009/11/10 02:58:56 djm Exp $
+.Dd $Mdocdate: November 10 2009 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -832,6 +832,9 @@ This is normally desirable because novices sometimes accidentally leave their
 directory or files world-writable.
 The default is
 .Dq yes .
+Note that this does not apply to
+.Cm ChrootDirectory ,
+whose permissions and ownership are checked unconditionally.
 .It Cm Subsystem
 Configures an external subsystem (e.g. file transfer daemon).
 Arguments should be a subsystem name and a command (with optional arguments)