Allow harmless group-writability

Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2019-06-05 Patch-Name: user-group-modes.patch
author: Colin Watson <cjwatson@debian.org> 2014-02-09 16:09:58 +0000
committer: Colin Watson <cjwatson@debian.org> 2019-06-21 16:14:03 +0100
commit: 0fc2ac6707abe076cd6b444f73c478eeda54b25f (patch)
tree: e433ad99222914ffb1e6f666b1bfa3739784e243 /ssh_config.5
parent: e9dd9cd95fe8fe2da9b114a1546a90634b3ce4be (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 250c92d04..bd1e9311d 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1885,6 +1885,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not writable by others.
+It may be group-writable provided that the group in question contains only
+the user.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
author	Colin Watson <cjwatson@debian.org>	2014-02-09 16:09:58 +0000
committer	Colin Watson <cjwatson@debian.org>	2019-06-21 16:14:03 +0100
commit	0fc2ac6707abe076cd6b444f73c478eeda54b25f (patch)
tree	e433ad99222914ffb1e6f666b1bfa3739784e243 /ssh_config.5
parent	e9dd9cd95fe8fe2da9b114a1546a90634b3ce4be (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index 250c92d04..bd1e9311d 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -1885,6 +1885,8 @@ The format of this file is described above.
1885	This file is used by the SSH client.	1885	This file is used by the SSH client.
1886	Because of the potential for abuse, this file must have strict permissions:	1886	Because of the potential for abuse, this file must have strict permissions:
1887	read/write for the user, and not writable by others.	1887	read/write for the user, and not writable by others.
		1888	It may be group-writable provided that the group in question contains only
		1889	the user.
1888	.It Pa /etc/ssh/ssh_config	1890	.It Pa /etc/ssh/ssh_config
1889	Systemwide configuration file.	1891	Systemwide configuration file.
1890	This file provides defaults for those	1892	This file provides defaults for those