Allow harmless group-writability

Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2013-09-14 Patch-Name: user-group-modes.patch
author: Colin Watson <cjwatson@debian.org> 2014-02-09 16:09:58 +0000
committer: Colin Watson <cjwatson@debian.org> 2015-08-19 16:33:32 +0100
commit: 39b2121148a0aa016a648446823c8f02c5fd95b3 (patch)
tree: 83af2a05a97d6e3a8a7b566646bc97f7689340d6 /ssh_config.5
parent: 8b3111d597316954caaf8ddf2e7746491976c248 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 250c0d15a..8abcf4008 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1701,6 +1701,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
+It may be group-writable provided that the group in question contains only
+the user.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
author	Colin Watson <cjwatson@debian.org>	2014-02-09 16:09:58 +0000
committer	Colin Watson <cjwatson@debian.org>	2015-08-19 16:33:32 +0100
commit	39b2121148a0aa016a648446823c8f02c5fd95b3 (patch)
tree	83af2a05a97d6e3a8a7b566646bc97f7689340d6 /ssh_config.5
parent	8b3111d597316954caaf8ddf2e7746491976c248 (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index 250c0d15a..8abcf4008 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -1701,6 +1701,8 @@ The format of this file is described above.
1701	This file is used by the SSH client.	1701	This file is used by the SSH client.
1702	Because of the potential for abuse, this file must have strict permissions:	1702	Because of the potential for abuse, this file must have strict permissions:
1703	read/write for the user, and not accessible by others.	1703	read/write for the user, and not accessible by others.
		1704	It may be group-writable provided that the group in question contains only
		1705	the user.
1704	.It Pa /etc/ssh/ssh_config	1706	.It Pa /etc/ssh/ssh_config
1705	Systemwide configuration file.	1707	Systemwide configuration file.
1706	This file provides defaults for those	1708	This file provides defaults for those