Re: Bug#581434: UPG and the default umask
On Fri, 14 May 2010, Joey Hess wrote:
> Vincent Danjean wrote:
> > I'm happy with this move. However, there is still an interaction with ssh
> > to deal with:
>
> > vdanjean@eyak:~$ chmod -Rv g+w .ssh/authorized_keys
> > vdanjean@eyak:~$ ssh localhost
> > vdanjean@localhost's password:
> > And, in /var/log/auth.log:
> > May 14 09:42:17 eyak sshd[1618]: Authentication refused: bad ownership or modes for file /home/vdanjean/.ssh/authorized_keys
>
> maildrop has the same problem with .mailfilter files.
Problems like that are expected to happen, and I think we should be
ready to fix them as they are found, so that the umask setting can
really be a choice of the system admin, not an imposition of certain
key programs who do not work well enough on systems having UPG and a
default umask of 002.
I remember that procmail had a similar problem, and the author
implemented a build macro for systems having UPG. From the changelog:
1999/03/02: v3.12
Changes to procmail:
- Don't use $HOME/.procmailrc if it's group-writable or in a
group-writable directory, unless it's the user's default group
and GROUP_PER_USER is set in config.h
Reply to: