Allow harmless group-writability

Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2013-09-14 Patch-Name: user-group-modes.patch
author: Colin Watson <cjwatson@debian.org> 2014-02-09 16:09:58 +0000
committer: Colin Watson <cjwatson@debian.org> 2015-11-29 17:36:19 +0000
commit: 68538f6919550b36ae9d812a1c2c52dbe9354608 (patch)
tree: 9abe8841fe763c02f49001f47ce9f0a122ba11c5 /ssh_config.5
parent: 4ba040812693f5823bc8643cfb82a581a5e8e5db (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 4e341155a..37f3ab869 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1760,6 +1760,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
+It may be group-writable provided that the group in question contains only
+the user.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
author	Colin Watson <cjwatson@debian.org>	2014-02-09 16:09:58 +0000
committer	Colin Watson <cjwatson@debian.org>	2015-11-29 17:36:19 +0000
commit	68538f6919550b36ae9d812a1c2c52dbe9354608 (patch)
tree	9abe8841fe763c02f49001f47ce9f0a122ba11c5 /ssh_config.5
parent	4ba040812693f5823bc8643cfb82a581a5e8e5db (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index 4e341155a..37f3ab869 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -1760,6 +1760,8 @@ The format of this file is described above.
1760	This file is used by the SSH client.	1760	This file is used by the SSH client.
1761	Because of the potential for abuse, this file must have strict permissions:	1761	Because of the potential for abuse, this file must have strict permissions:
1762	read/write for the user, and not accessible by others.	1762	read/write for the user, and not accessible by others.
		1763	It may be group-writable provided that the group in question contains only
		1764	the user.
1763	.It Pa /etc/ssh/ssh_config	1765	.It Pa /etc/ssh/ssh_config
1764	Systemwide configuration file.	1766	Systemwide configuration file.
1765	This file provides defaults for those	1767	This file provides defaults for those