author Colin Watson <cjwatson@debian.org> 2014-02-09 16:09:58 +0000
committer Colin Watson <cjwatson@debian.org> 2020-10-18 12:07:21 +0100
commit d08cd2b0cfbedf3ccd2ec3adaef850b8d9a87e85
tree 482ed3db805204bb6bc2e7d528d1b5669f6abc72 /ssh_config.5
parent 33a5f7aadea15899586710c615408045eaaecebd
Allow harmless group-writability
Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default.

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347
Last-Update: 2019-10-09

Patch-Name: user-group-modes.patch
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- ssh_config.5 2
1 files changed, 2 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 3ceb800ba..190e1d927 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -2010,6 +2010,8 @@ The format of this file is described above.
2010This file is used by the SSH client. 2010This file is used by the SSH client.
2011Because of the potential for abuse, this file must have strict permissions: 2011Because of the potential for abuse, this file must have strict permissions:
2012read/write for the user, and not writable by others. 2012read/write for the user, and not writable by others.
2013It may be group-writable provided that the group in question contains only
2014the user.
2013.It Pa /etc/ssh/ssh_config 2015.It Pa /etc/ssh/ssh_config
2014Systemwide configuration file. 2016Systemwide configuration file.
2015This file provides defaults for those 2017This file provides defaults for those
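
Review bot: The added sentence at new lines 2013-2014 ("It may be group-writable provided that the group in question contains only the user.") leaves "contains" undefined, and the commit message itself says the contents of gr->gr_mem have been misunderstood before. Say in the man page which notion of membership is meant (members listed for the group, accounts that have it as their primary group, or both) so an administrator can tell whether a given ~/.ssh/config will be accepted. Since the commit message records that this was rejected upstream, it is also worth marking the sentence as distribution-specific behaviour, so readers comparing against upstream documentation are not surprised.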