[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#581434: UPG and the default umask

On Fri, 14 May 2010, Joey Hess wrote:

> Vincent Danjean wrote:
> > I'm happy with this move. However, there is still an interaction with ssh
> > to deal with:
> 
> > vdanjean@eyak:~$ chmod -Rv g+w .ssh/authorized_keys
> > vdanjean@eyak:~$ ssh localhost
> > vdanjean@localhost's password:
> > And, in /var/log/auth.log:
> > May 14 09:42:17 eyak sshd[1618]: Authentication refused: bad ownership or modes for file /home/vdanjean/.ssh/authorized_keys
> 
> maildrop has the same problem with .mailfilter files.

Problems like that are expected to happen, and I think we should be
ready to fix them as they are found, so that the umask setting can
really be a choice of the system admin, not an imposition of certain
key programs who do not work well enough on systems having UPG and a
default umask of 002.

I remember that procmail had a similar problem, and the author
implemented a build macro for systems having UPG. From the changelog:

1999/03/02: v3.12
      Changes to procmail:
          - Don't use $HOME/.procmailrc if it's group-writable or in a
            group-writable directory, unless it's the user's default group
            and GROUP_PER_USER is set in config.h
Reply to: