Allow harmless group-writability

Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2017-10-04 Patch-Name: user-group-modes.patch
author: Colin Watson <cjwatson@debian.org> 2014-02-09 16:09:58 +0000
committer: Colin Watson <cjwatson@debian.org> 2018-08-24 17:49:07 +0100
commit: 840f43066f9cdf5f6bb07992aca1c5f43be8eb80 (patch)
tree: eada7af8840576ed8b715b291101bc150914d004 /ssh_config.5
parent: d47fa6fefb418c6d8f5a6d3dd49fd9dc7fce0c74 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 86ada128e..03341a229 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1813,6 +1813,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
+It may be group-writable provided that the group in question contains only
+the user.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
author	Colin Watson <cjwatson@debian.org>	2014-02-09 16:09:58 +0000
committer	Colin Watson <cjwatson@debian.org>	2018-08-24 17:49:07 +0100
commit	840f43066f9cdf5f6bb07992aca1c5f43be8eb80 (patch)
tree	eada7af8840576ed8b715b291101bc150914d004 /ssh_config.5
parent	d47fa6fefb418c6d8f5a6d3dd49fd9dc7fce0c74 (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index 86ada128e..03341a229 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -1813,6 +1813,8 @@ The format of this file is described above.
1813	This file is used by the SSH client.	1813	This file is used by the SSH client.
1814	Because of the potential for abuse, this file must have strict permissions:	1814	Because of the potential for abuse, this file must have strict permissions:
1815	read/write for the user, and not accessible by others.	1815	read/write for the user, and not accessible by others.
		1816	It may be group-writable provided that the group in question contains only
		1817	the user.
1816	.It Pa /etc/ssh/ssh_config	1818	.It Pa /etc/ssh/ssh_config
1817	Systemwide configuration file.	1819	Systemwide configuration file.
1818	This file provides defaults for those	1820	This file provides defaults for those