Allow harmless group-writability

Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2013-09-14 Patch-Name: user-group-modes.patch
author: Colin Watson <cjwatson@debian.org> 2014-02-09 16:09:58 +0000
committer: Colin Watson <cjwatson@debian.org> 2014-02-10 02:40:16 +0000
commit: b63620615d5c8af09e350608233f69191ad6c275 (patch)
tree: 6123216785c35d73925aaec0d3c2e3f366edc2b9 /ssh_config.5
parent: efe70e315cfcc70e765ebd070e83528a6be6c125 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index b3c5dc614..3c6b9d4d2 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1523,6 +1523,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
+It may be group-writable provided that the group in question contains only
+the user.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
author	Colin Watson <cjwatson@debian.org>	2014-02-09 16:09:58 +0000
committer	Colin Watson <cjwatson@debian.org>	2014-02-10 02:40:16 +0000
commit	b63620615d5c8af09e350608233f69191ad6c275 (patch)
tree	6123216785c35d73925aaec0d3c2e3f366edc2b9 /ssh_config.5
parent	efe70e315cfcc70e765ebd070e83528a6be6c125 (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index b3c5dc614..3c6b9d4d2 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -1523,6 +1523,8 @@ The format of this file is described above.
1523	This file is used by the SSH client.	1523	This file is used by the SSH client.
1524	Because of the potential for abuse, this file must have strict permissions:	1524	Because of the potential for abuse, this file must have strict permissions:
1525	read/write for the user, and not accessible by others.	1525	read/write for the user, and not accessible by others.
		1526	It may be group-writable provided that the group in question contains only
		1527	the user.
1526	.It Pa /etc/ssh/ssh_config	1528	.It Pa /etc/ssh/ssh_config
1527	Systemwide configuration file.	1529	Systemwide configuration file.
1528	This file provides defaults for those	1530	This file provides defaults for those