summaryrefslogtreecommitdiff
path: root/ssh_config.5
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2014-02-09 16:09:58 +0000
committerColin Watson <cjwatson@debian.org>2017-01-16 15:02:54 +0000
commitc20ad02ad58a523c6f4974e1ca124e71b7b801b1 (patch)
treeafd7789eacc9df276abe3a1b1a307d2f7cee216f /ssh_config.5
parent71809791262478c78d1db2ca1004604c39db8150 (diff)
Allow harmless group-writability
Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2013-09-14 Patch-Name: user-group-modes.patch
Diffstat (limited to 'ssh_config.5')
-rw-r--r--ssh_config.52
1 files changed, 2 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index a0457314c..0483a1ee4 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1803,6 +1803,8 @@ The format of this file is described above.
1803This file is used by the SSH client. 1803This file is used by the SSH client.
1804Because of the potential for abuse, this file must have strict permissions: 1804Because of the potential for abuse, this file must have strict permissions:
1805read/write for the user, and not accessible by others. 1805read/write for the user, and not accessible by others.
1806It may be group-writable provided that the group in question contains only
1807the user.
1806.It Pa /etc/ssh/ssh_config 1808.It Pa /etc/ssh/ssh_config
1807Systemwide configuration file. 1809Systemwide configuration file.
1808This file provides defaults for those 1810This file provides defaults for those