Allow harmless group-writability

Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2013-09-14 Patch-Name: user-group-modes.patch
author: Colin Watson <cjwatson@debian.org> 2014-02-09 16:09:58 +0000
committer: Colin Watson <cjwatson@debian.org> 2016-08-07 12:18:43 +0100
commit: 563974a78e937c4844e1198b5f6d79b8b2b5c600 (patch)
tree: ab2b821031f9b3d4dac7123b677dd6e8a93ac4d3 /ssh_config.5
parent: 173d65e72989cba82502604da3f1336766c0cf0f (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index efc265ab7..5dd26bcaa 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1903,6 +1903,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
+It may be group-writable provided that the group in question contains only
+the user.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
author	Colin Watson <cjwatson@debian.org>	2014-02-09 16:09:58 +0000
committer	Colin Watson <cjwatson@debian.org>	2016-08-07 12:18:43 +0100
commit	563974a78e937c4844e1198b5f6d79b8b2b5c600 (patch)
tree	ab2b821031f9b3d4dac7123b677dd6e8a93ac4d3 /ssh_config.5
parent	173d65e72989cba82502604da3f1336766c0cf0f (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index efc265ab7..5dd26bcaa 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -1903,6 +1903,8 @@ The format of this file is described above.
1903	This file is used by the SSH client.	1903	This file is used by the SSH client.
1904	Because of the potential for abuse, this file must have strict permissions:	1904	Because of the potential for abuse, this file must have strict permissions:
1905	read/write for the user, and not accessible by others.	1905	read/write for the user, and not accessible by others.
		1906	It may be group-writable provided that the group in question contains only
		1907	the user.
1906	.It Pa /etc/ssh/ssh_config	1908	.It Pa /etc/ssh/ssh_config
1907	Systemwide configuration file.	1909	Systemwide configuration file.
1908	This file provides defaults for those	1910	This file provides defaults for those