Allow harmless group-writability

Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2013-09-14 Patch-Name: user-group-modes.patch
author: Colin Watson <cjwatson@debian.org> 2014-02-09 16:09:58 +0000
committer: Colin Watson <cjwatson@debian.org> 2014-02-09 23:43:40 +0000
commit: 2bb37315c1e077bc176e703fbf0028a1f6315d37 (patch)
tree: 8c0fc9e5af8b442fbfa6688bfa03ca05fc9f0c19 /ssh_config.5
parent: 05609b1cb381eafb999214bf4a95138e63abdbf2 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 694868053..a1e18d286 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1365,6 +1365,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
+It may be group-writable provided that the group in question contains only
+the user.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
author	Colin Watson <cjwatson@debian.org>	2014-02-09 16:09:58 +0000
committer	Colin Watson <cjwatson@debian.org>	2014-02-09 23:43:40 +0000
commit	2bb37315c1e077bc176e703fbf0028a1f6315d37 (patch)
tree	8c0fc9e5af8b442fbfa6688bfa03ca05fc9f0c19 /ssh_config.5
parent	05609b1cb381eafb999214bf4a95138e63abdbf2 (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index 694868053..a1e18d286 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -1365,6 +1365,8 @@ The format of this file is described above.
1365	This file is used by the SSH client.	1365	This file is used by the SSH client.
1366	Because of the potential for abuse, this file must have strict permissions:	1366	Because of the potential for abuse, this file must have strict permissions:
1367	read/write for the user, and not accessible by others.	1367	read/write for the user, and not accessible by others.
		1368	It may be group-writable provided that the group in question contains only
		1369	the user.
1368	.It Pa /etc/ssh/ssh_config	1370	.It Pa /etc/ssh/ssh_config
1369	Systemwide configuration file.	1371	Systemwide configuration file.
1370	This file provides defaults for those	1372	This file provides defaults for those