Allow harmless group-writability

Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2013-09-14 Patch-Name: user-group-modes.patch
author: Colin Watson <cjwatson@debian.org> 2014-02-09 16:09:58 +0000
committer: Colin Watson <cjwatson@debian.org> 2015-11-24 20:45:16 +0000
commit: 113450cad7a19b997e51945f012539836bba6f17 (patch)
tree: 8de7d0887897574f9adbd66d7ffe684bd96c0c45 /ssh_config.5
parent: cc53919ec39bb8a84127b7ba1f23acf3809dc2a0 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 67e0dff9a..4e799cfab 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1708,6 +1708,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
+It may be group-writable provided that the group in question contains only
+the user.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
author	Colin Watson <cjwatson@debian.org>	2014-02-09 16:09:58 +0000
committer	Colin Watson <cjwatson@debian.org>	2015-11-24 20:45:16 +0000
commit	113450cad7a19b997e51945f012539836bba6f17 (patch)
tree	8de7d0887897574f9adbd66d7ffe684bd96c0c45 /ssh_config.5
parent	cc53919ec39bb8a84127b7ba1f23acf3809dc2a0 (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index 67e0dff9a..4e799cfab 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -1708,6 +1708,8 @@ The format of this file is described above.
1708	This file is used by the SSH client.	1708	This file is used by the SSH client.
1709	Because of the potential for abuse, this file must have strict permissions:	1709	Because of the potential for abuse, this file must have strict permissions:
1710	read/write for the user, and not accessible by others.	1710	read/write for the user, and not accessible by others.
		1711	It may be group-writable provided that the group in question contains only
		1712	the user.
1711	.It Pa /etc/ssh/ssh_config	1713	.It Pa /etc/ssh/ssh_config
1712	Systemwide configuration file.	1714	Systemwide configuration file.
1713	This file provides defaults for those	1715	This file provides defaults for those