Allow harmless group-writability

Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2013-09-14 Patch-Name: user-group-modes.patch
author: Colin Watson <cjwatson@debian.org> 2014-02-09 16:09:58 +0000
committer: Colin Watson <cjwatson@debian.org> 2016-02-29 12:33:29 +0000
commit: 6f05f80017871238b4e50fc4e09d57d722416743 (patch)
tree: 1bfe799dc3909da0ffc4bb5640955d8f1be80b16 /ssh_config.5
parent: 5c2c0e042d57cee75528686f47b4c47db434ad8b (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index bbf638b53..ab8f27179 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1830,6 +1830,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
+It may be group-writable provided that the group in question contains only
+the user.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
author	Colin Watson <cjwatson@debian.org>	2014-02-09 16:09:58 +0000
committer	Colin Watson <cjwatson@debian.org>	2016-02-29 12:33:29 +0000
commit	6f05f80017871238b4e50fc4e09d57d722416743 (patch)
tree	1bfe799dc3909da0ffc4bb5640955d8f1be80b16 /ssh_config.5
parent	5c2c0e042d57cee75528686f47b4c47db434ad8b (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index bbf638b53..ab8f27179 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -1830,6 +1830,8 @@ The format of this file is described above.
1830	This file is used by the SSH client.	1830	This file is used by the SSH client.
1831	Because of the potential for abuse, this file must have strict permissions:	1831	Because of the potential for abuse, this file must have strict permissions:
1832	read/write for the user, and not accessible by others.	1832	read/write for the user, and not accessible by others.
		1833	It may be group-writable provided that the group in question contains only
		1834	the user.
1833	.It Pa /etc/ssh/ssh_config	1835	.It Pa /etc/ssh/ssh_config
1834	Systemwide configuration file.	1836	Systemwide configuration file.
1835	This file provides defaults for those	1837	This file provides defaults for those