Allow harmless group-writability

Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2017-10-04 Patch-Name: user-group-modes.patch
author: Colin Watson <cjwatson@debian.org> 2014-02-09 16:09:58 +0000
committer: Colin Watson <cjwatson@debian.org> 2018-04-03 08:21:37 +0100
commit: 9e45701c5d6105444cc2f4f5d6c44b0f69969479 (patch)
tree: 9df3ccd6a8eee5c69d410a69d06be927bc7284fd /ssh_config.5
parent: 027619c6b05713e3f08a51e7232389383900e5d8 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 32c3632c7..84dcd52cc 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1818,6 +1818,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
+It may be group-writable provided that the group in question contains only
+the user.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
author	Colin Watson <cjwatson@debian.org>	2014-02-09 16:09:58 +0000
committer	Colin Watson <cjwatson@debian.org>	2018-04-03 08:21:37 +0100
commit	9e45701c5d6105444cc2f4f5d6c44b0f69969479 (patch)
tree	9df3ccd6a8eee5c69d410a69d06be927bc7284fd /ssh_config.5
parent	027619c6b05713e3f08a51e7232389383900e5d8 (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index 32c3632c7..84dcd52cc 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -1818,6 +1818,8 @@ The format of this file is described above.
1818	This file is used by the SSH client.	1818	This file is used by the SSH client.
1819	Because of the potential for abuse, this file must have strict permissions:	1819	Because of the potential for abuse, this file must have strict permissions:
1820	read/write for the user, and not accessible by others.	1820	read/write for the user, and not accessible by others.
		1821	It may be group-writable provided that the group in question contains only
		1822	the user.
1821	.It Pa /etc/ssh/ssh_config	1823	.It Pa /etc/ssh/ssh_config
1822	Systemwide configuration file.	1824	Systemwide configuration file.
1823	This file provides defaults for those	1825	This file provides defaults for those