Allow harmless group-writability

Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2013-09-14 Patch-Name: user-group-modes.patch
author: Colin Watson <cjwatson@debian.org> 2014-02-09 16:09:58 +0000
committer: Colin Watson <cjwatson@debian.org> 2016-12-26 00:55:59 +0000
commit: 47c946434c6e99ff9da531cfcafb051e38e79ff8 (patch)
tree: 08e8df7c7e84f3fa65f1d4e3a82809cde0a3e731 /ssh_config.5
parent: 68d399525871ecd1a2837f04045581a2774ba4bb (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index a0457314c..0483a1ee4 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1803,6 +1803,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
+It may be group-writable provided that the group in question contains only
+the user.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
author	Colin Watson <cjwatson@debian.org>	2014-02-09 16:09:58 +0000
committer	Colin Watson <cjwatson@debian.org>	2016-12-26 00:55:59 +0000
commit	47c946434c6e99ff9da531cfcafb051e38e79ff8 (patch)
tree	08e8df7c7e84f3fa65f1d4e3a82809cde0a3e731 /ssh_config.5
parent	68d399525871ecd1a2837f04045581a2774ba4bb (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index a0457314c..0483a1ee4 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -1803,6 +1803,8 @@ The format of this file is described above.
1803	This file is used by the SSH client.	1803	This file is used by the SSH client.
1804	Because of the potential for abuse, this file must have strict permissions:	1804	Because of the potential for abuse, this file must have strict permissions:
1805	read/write for the user, and not accessible by others.	1805	read/write for the user, and not accessible by others.
		1806	It may be group-writable provided that the group in question contains only
		1807	the user.
1806	.It Pa /etc/ssh/ssh_config	1808	.It Pa /etc/ssh/ssh_config
1807	Systemwide configuration file.	1809	Systemwide configuration file.
1808	This file provides defaults for those	1810	This file provides defaults for those