Re: UPG and the default umask

[Vincent Danjean <vdanjean.ml@free.fr>]

On 15/05/2010 03:12, Joey Hess wrote:
> Vincent Danjean wrote:
>> I'm happy with this move. However, there is still an interaction with ssh
>> to deal with:
>> vdanjean@eyak:~$ chmod -Rv g+w .ssh/authorized_keys
>> vdanjean@eyak:~$ ssh localhost
>> vdanjean@localhost's password:
>> And, in /var/log/auth.log:
>> May 14 09:42:17 eyak sshd[1618]: Authentication refused: bad ownership or modes for file /home/vdanjean/.ssh/authorized_keys
>>
>> vdanjean@eyak:~$ chmod -Rv g-w .ssh/authorized_keys
>> le mode de « .ssh/authorized_keys » a été modifié en 0644 (rw-r--r--).
>> vdanjean@eyak:~$ ssh localhost
>> You have mail.
>> Last login: Tue May 11 17:10:30 2010
>> vdanjean@eyak:~$
>>
>> My system is in UPG but I was using default umask 022
> 
> FWIW, for openssh this is supposed to be fixed in version 1:4.1p1-3.
> See #314347. It was changed to allow group-writable files if
> the owner is the only member in the group.

Somethink is wrong here. Should 314347 be reopened ?

vdanjean@eyak:~$ LC_ALL=C apt-cache policy openssh-server
openssh-server:
  Installed: 1:5.5p1-3
  Candidate: 1:5.5p1-3
  Version table:
 *** 1:5.5p1-3 0
        500 http://ftp.fr.debian.org unstable/main Packages
        500 http://ftp.fr.debian.org testing/main Packages
        100 /var/lib/dpkg/status
     1:5.1p1-5 0
        500 http://ftp.fr.debian.org stable/main Packages
     1:4.3p2-9etch3 0
        500 http://ftp.fr.debian.org oldstable/main Packages
vdanjean@eyak:~$ cat /etc/group /etc/passwd | grep '^vdanjean'
vdanjean:x:1000:
vdanjean:x:1000:1000:Vincent Danjean,,,:/home/vdanjean:/bin/bash
vdanjean@eyak:~$



-- 
Vincent Danjean       GPG key ID 0x9D025E87         vdanjean@debian.org
GPG key fingerprint: FC95 08A6 854D DB48 4B9A  8A94 0BF7 7867 9D02 5E87
Unofficial packages: http://moais.imag.fr/membres/vincent.danjean/deb.html
APT repo:  deb http://perso.debian.org/~vdanjean/debian unstable main