Allow harmless group-writability

Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2013-09-14 Patch-Name: user-group-modes.patch
author: Colin Watson <cjwatson@debian.org> 2014-02-09 16:09:58 +0000
committer: Colin Watson <cjwatson@debian.org> 2014-03-20 00:32:28 +0000
commit: 77638f6662ecd8500e1b97e537233b1277ca829f (patch)
tree: b293efadbfda75975145c839e07781aacaab5880 /ssh_config.5
parent: 7a26d16efb4ee303c8d66ee82caf9d0686f4a074 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 3172fd441..4bf7cbb3c 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1529,6 +1529,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
+It may be group-writable provided that the group in question contains only
+the user.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
author	Colin Watson <cjwatson@debian.org>	2014-02-09 16:09:58 +0000
committer	Colin Watson <cjwatson@debian.org>	2014-03-20 00:32:28 +0000
commit	77638f6662ecd8500e1b97e537233b1277ca829f (patch)
tree	b293efadbfda75975145c839e07781aacaab5880 /ssh_config.5
parent	7a26d16efb4ee303c8d66ee82caf9d0686f4a074 (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index 3172fd441..4bf7cbb3c 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -1529,6 +1529,8 @@ The format of this file is described above.
1529	This file is used by the SSH client.	1529	This file is used by the SSH client.
1530	Because of the potential for abuse, this file must have strict permissions:	1530	Because of the potential for abuse, this file must have strict permissions:
1531	read/write for the user, and not accessible by others.	1531	read/write for the user, and not accessible by others.
		1532	It may be group-writable provided that the group in question contains only
		1533	the user.
1532	.It Pa /etc/ssh/ssh_config	1534	.It Pa /etc/ssh/ssh_config
1533	Systemwide configuration file.	1535	Systemwide configuration file.
1534	This file provides defaults for those	1536	This file provides defaults for those