Allow harmless group-writability

Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2017-10-04 Patch-Name: user-group-modes.patch
author: Colin Watson <cjwatson@debian.org> 2014-02-09 16:09:58 +0000
committer: Colin Watson <cjwatson@debian.org> 2017-10-04 13:54:48 +0100
commit: b1033fed87fd9fa24dccab45f00cadcbc7144c47 (patch)
tree: 3f6838395acfa6e09710644c99bf003e2b8dcc23 /ssh_config.5
parent: 215bd91f12b0ddb9754483ee6e3c3b4751256dca (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index d6f43c2dd..7810a418e 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1786,6 +1786,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
+It may be group-writable provided that the group in question contains only
+the user.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
author	Colin Watson <cjwatson@debian.org>	2014-02-09 16:09:58 +0000
committer	Colin Watson <cjwatson@debian.org>	2017-10-04 13:54:48 +0100
commit	b1033fed87fd9fa24dccab45f00cadcbc7144c47 (patch)
tree	3f6838395acfa6e09710644c99bf003e2b8dcc23 /ssh_config.5
parent	215bd91f12b0ddb9754483ee6e3c3b4751256dca (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index d6f43c2dd..7810a418e 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -1786,6 +1786,8 @@ The format of this file is described above.
1786	This file is used by the SSH client.	1786	This file is used by the SSH client.
1787	Because of the potential for abuse, this file must have strict permissions:	1787	Because of the potential for abuse, this file must have strict permissions:
1788	read/write for the user, and not accessible by others.	1788	read/write for the user, and not accessible by others.
		1789	It may be group-writable provided that the group in question contains only
		1790	the user.
1789	.It Pa /etc/ssh/ssh_config	1791	.It Pa /etc/ssh/ssh_config
1790	Systemwide configuration file.	1792	Systemwide configuration file.
1791	This file provides defaults for those	1793	This file provides defaults for those