Allow harmless group-writability

Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2019-10-09 Patch-Name: user-group-modes.patch
author: Colin Watson <cjwatson@debian.org> 2014-02-09 16:09:58 +0000
committer: Colin Watson <cjwatson@debian.org> 2019-10-09 23:07:44 +0100
commit: 19f1d075a06f4d3c9b440d7272272569d8bb0a17 (patch)
tree: ebf027157eadf48d5e3d07efbea39a576ded2242 /ssh_config.5
parent: 3d1a993f484e9043e57af3ae37b7c9c608d5a5f1 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index bc04d8d02..2c74b57c0 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1907,6 +1907,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not writable by others.
+It may be group-writable provided that the group in question contains only
+the user.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
author	Colin Watson <cjwatson@debian.org>	2014-02-09 16:09:58 +0000
committer	Colin Watson <cjwatson@debian.org>	2019-10-09 23:07:44 +0100
commit	19f1d075a06f4d3c9b440d7272272569d8bb0a17 (patch)
tree	ebf027157eadf48d5e3d07efbea39a576ded2242 /ssh_config.5
parent	3d1a993f484e9043e57af3ae37b7c9c608d5a5f1 (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index bc04d8d02..2c74b57c0 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -1907,6 +1907,8 @@ The format of this file is described above.
1907	This file is used by the SSH client.	1907	This file is used by the SSH client.
1908	Because of the potential for abuse, this file must have strict permissions:	1908	Because of the potential for abuse, this file must have strict permissions:
1909	read/write for the user, and not writable by others.	1909	read/write for the user, and not writable by others.
		1910	It may be group-writable provided that the group in question contains only
		1911	the user.
1910	.It Pa /etc/ssh/ssh_config	1912	.It Pa /etc/ssh/ssh_config
1911	Systemwide configuration file.	1913	Systemwide configuration file.
1912	This file provides defaults for those	1914	This file provides defaults for those