Allow harmless group-writability

Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2013-09-14 Patch-Name: user-group-modes.patch
author: Colin Watson <cjwatson@debian.org> 2014-02-09 16:09:58 +0000
committer: Colin Watson <cjwatson@debian.org> 2015-12-03 17:05:05 +0000
commit: aae427a0c7d5702bf294191533ab1f33437a8a56 (patch)
tree: 1d5f030d9165fa02b0713f6123a072e69dda342b /ssh_config.5
parent: 0fe621a2c5a90e37e9a1afa8b56fd04fb1c53eef (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 78e918a0e..1e9c058ff 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1757,6 +1757,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
+It may be group-writable provided that the group in question contains only
+the user.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
author	Colin Watson <cjwatson@debian.org>	2014-02-09 16:09:58 +0000
committer	Colin Watson <cjwatson@debian.org>	2015-12-03 17:05:05 +0000
commit	aae427a0c7d5702bf294191533ab1f33437a8a56 (patch)
tree	1d5f030d9165fa02b0713f6123a072e69dda342b /ssh_config.5
parent	0fe621a2c5a90e37e9a1afa8b56fd04fb1c53eef (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index 78e918a0e..1e9c058ff 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -1757,6 +1757,8 @@ The format of this file is described above.
1757	This file is used by the SSH client.	1757	This file is used by the SSH client.
1758	Because of the potential for abuse, this file must have strict permissions:	1758	Because of the potential for abuse, this file must have strict permissions:
1759	read/write for the user, and not accessible by others.	1759	read/write for the user, and not accessible by others.
		1760	It may be group-writable provided that the group in question contains only
		1761	the user.
1760	.It Pa /etc/ssh/ssh_config	1762	.It Pa /etc/ssh/ssh_config
1761	Systemwide configuration file.	1763	Systemwide configuration file.
1762	This file provides defaults for those	1764	This file provides defaults for those