Bug#539030: marked as done (openssh-server: 'unpredictable' umask for remote users / depending on umask during (re)start)
Your message dated Fri, 31 Jul 2009 16:17:09 +0000
with message-id <E1MWun7-00038W-8g@ries.debian.org>
and subject line Bug#539030: fixed in openssh 1:5.1p1-7
has caused the Debian Bug report #539030,
regarding openssh-server: 'unpredictable' umask for remote users / depending on umask during (re)start
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
539030: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539030
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-server
Version: 1:5.1p1-5
Severity: important
Problem:
It's difficult to create a predictable environment for restricted users
(e.g. upload account for shared hosting).
Explanation:
You are root. For some reason your current umask is e.g. 563. You don't pay
attention to your current umask. You restart the OpenSSH Server by invoking
"/etc/init.d/sshd restart". Now your weird umask applies to new remote
users even if they are chrooted and restricted to internal-sftp. (E.g. some
user connects with WinSCP, creates a folder and now its permissions are
-w- --x r--).
Configuration (/etc/ssh/sshd_config):
| [...]
| Match Group sftponly
| ChrootDirectory /home-restricted/%u
| X11Forwarding no
| AllowTcpForwarding no
| ForceCommand internal-sftp
Suggestion:
Add "umask 022" to the init-script or ask the OpenSSH team to provide
a 'default umask' option.
-- System Information:
Debian Release: 5.0.1
APT prefers stable
APT policy: (990, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-4-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssh-server depends on:
ii adduser 3.110 add and remove users and groups
ii debconf [debcon 1.5.24 Debian configuration management sy
ii dpkg 1.14.25 Debian package management system
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libcomerr2 1.41.3-1 common error description library
ii libkrb53 1.6.dfsg.4~beta1-5lenny1 MIT Kerberos runtime libraries
ii libpam-modules 1.0.1-5+lenny1 Pluggable Authentication Modules f
ii libpam-runtime 1.0.1-5+lenny1 Runtime support for the PAM librar
ii libpam0g 1.0.1-5+lenny1 Pluggable Authentication Modules l
ii libselinux1 2.0.65-5 SELinux shared libraries
ii libssl0.9.8 0.9.8g-15+lenny1 SSL shared libraries
ii libwrap0 7.6.q-16 Wietse Venema's TCP wrappers libra
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii openssh-blackli 0.4.1 list of default blacklisted OpenSS
ii openssh-client 1:5.1p1-5 secure shell client, an rlogin/rsh
ii procps 1:3.2.7-11 /proc file system utilities
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages openssh-server recommends:
ii openssh-blacklist-extra 0.4.1 list of non-default blacklisted Op
ii xauth 1:1.0.3-2 X authentication utility
Versions of packages openssh-server suggests:
pn molly-guard <none> (no description available)
pn rssh <none> (no description available)
pn ssh-askpass <none> (no description available)
-- debconf information:
ssh/vulnerable_host_keys:
ssh/new_config: true
* ssh/use_old_init_script: true
ssh/disable_cr_auth: false
ssh/encrypted_host_key_but_no_keygen:
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:5.1p1-7
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:
openssh-client-udeb_5.1p1-7_i386.udeb
to pool/main/o/openssh/openssh-client-udeb_5.1p1-7_i386.udeb
openssh-client_5.1p1-7_i386.deb
to pool/main/o/openssh/openssh-client_5.1p1-7_i386.deb
openssh-server-udeb_5.1p1-7_i386.udeb
to pool/main/o/openssh/openssh-server-udeb_5.1p1-7_i386.udeb
openssh-server_5.1p1-7_i386.deb
to pool/main/o/openssh/openssh-server_5.1p1-7_i386.deb
openssh_5.1p1-7.diff.gz
to pool/main/o/openssh/openssh_5.1p1-7.diff.gz
openssh_5.1p1-7.dsc
to pool/main/o/openssh/openssh_5.1p1-7.dsc
ssh-askpass-gnome_5.1p1-7_i386.deb
to pool/main/o/openssh/ssh-askpass-gnome_5.1p1-7_i386.deb
ssh-krb5_5.1p1-7_all.deb
to pool/main/o/openssh/ssh-krb5_5.1p1-7_all.deb
ssh_5.1p1-7_all.deb
to pool/main/o/openssh/ssh_5.1p1-7_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 539030@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 31 Jul 2009 16:28:10 +0100
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source all i386
Version: 1:5.1p1-7
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
openssh-client - secure shell client, an rlogin/rsh/rcp replacement
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell server, an rshd replacement
openssh-server-udeb - secure shell server for the Debian installer (udeb)
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 538301 539030
Changes:
openssh (1:5.1p1-7) unstable; urgency=low
.
* Update config.guess and config.sub from autotools-dev 20090611.1
(closes: #538301).
* Set umask to 022 in the init script as well as postinsts (closes:
#539030).
* Add ${misc:Depends} to keep Lintian happy.
* Use 'which' rather than 'type' in maintainer scripts.
* Upgrade to debhelper v7.
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer
iD8DBQFKcxRj9t0zAhD6TNERAqLdAJ402+sBLT541BuUcDqSoX1AufezkgCdHk7v
SCZ/2nOn3oy2o2pi3lGStSc=
=uQex
-----END PGP SIGNATURE-----
--- End Message ---
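The behaviour reported above and the init-script fix from the changelog, reproduced as an added example that is not part of the bug report or the Debian package. `fake_daemon`, `start_unfixed` and `start_fixed` are hypothetical stand-ins for sshd/internal-sftp and the init script; the umask values 563 and 022 come from the report and the changelog.

```shell
#!/bin/sh
# Constructed demonstration: a daemon inherits the umask of whatever shell
# (re)starts it, unless the init script sets one explicitly.

# fake_daemon DIR: stands in for sshd + internal-sftp. Creates a directory
# the way a client's mkdir request would (requested mode 0777, masked by the
# inherited umask) and prints the resulting permission string.
fake_daemon() {
    mkdir "$1/upload" || return 1
    ls -ld "$1/upload" | cut -c2-10
    rmdir "$1/upload"
}

# start_unfixed CALLER_UMASK DIR: init script before the fix. The subshell
# body models root's interactive shell; nothing resets the umask before the
# daemon is started, so the caller's value leaks into every session.
start_unfixed() (
    umask "$1"
    fake_daemon "$2"
)

# start_fixed CALLER_UMASK DIR: init script after the fix. The explicit
# "umask 022" makes the daemon's umask independent of the caller.
start_fixed() (
    umask "$1"
    umask 022
    fake_daemon "$2"
)

demo() {
    # Create the scratch directory before any umask change so it stays usable.
    dir=$(mktemp -d) || return 1
    for caller in 563 077 022; do
        printf 'caller umask %s: unfixed=%s fixed=%s\n' "$caller" \
            "$(start_unfixed "$caller" "$dir")" \
            "$(start_fixed "$caller" "$dir")"
    done
    rmdir "$dir"
}

demo
```

The same check on a live host is to read the `Umask:` field in `/proc/<pid>/status` of the running sshd (available on Linux 4.7 and later), which shows what sessions will inherit regardless of how the daemon was started.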