Allow harmless group-writability

Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2013-09-14 Patch-Name: user-group-modes.patch
author: Colin Watson <cjwatson@debian.org> 2014-02-09 16:09:58 +0000
committer: Colin Watson <cjwatson@debian.org> 2015-09-17 13:52:40 +0100
commit: 8c6ce36545711e987fcab76a11f2110fdf9a7c8a (patch)
tree: a9468f0396d8ade4e82be2235b600b95b654684e /ssh_config.5
parent: 2219c0ae6be6750432932833b69264a53e0496e4 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 67e0dff9a..4e799cfab 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1708,6 +1708,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
+It may be group-writable provided that the group in question contains only
+the user.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
author	Colin Watson <cjwatson@debian.org>	2014-02-09 16:09:58 +0000
committer	Colin Watson <cjwatson@debian.org>	2015-09-17 13:52:40 +0100
commit	8c6ce36545711e987fcab76a11f2110fdf9a7c8a (patch)
tree	a9468f0396d8ade4e82be2235b600b95b654684e /ssh_config.5
parent	2219c0ae6be6750432932833b69264a53e0496e4 (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index 67e0dff9a..4e799cfab 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -1708,6 +1708,8 @@ The format of this file is described above.
1708	This file is used by the SSH client.	1708	This file is used by the SSH client.
1709	Because of the potential for abuse, this file must have strict permissions:	1709	Because of the potential for abuse, this file must have strict permissions:
1710	read/write for the user, and not accessible by others.	1710	read/write for the user, and not accessible by others.
		1711	It may be group-writable provided that the group in question contains only
		1712	the user.
1711	.It Pa /etc/ssh/ssh_config	1713	.It Pa /etc/ssh/ssh_config
1712	Systemwide configuration file.	1714	Systemwide configuration file.
1713	This file provides defaults for those	1715	This file provides defaults for those