On Mon, 2010-05-17 at 10:31 +0200, Vincent Danjean wrote: > Base-files package just switched to umask 002 by default for new install > (see #248140 and discussion in d-devel). However, with this setup, > openssh-server babdly behave. It is similar to #314347 that was opened > for openssh-client and permission chechs for $HOME/.ssh/config. > The fix for this bug should probably be similar. So do you suggest that also group-readable/writable authorized_keys files should be accepted by openssh? You probably know that I was already one of the strong opponents of the recent umask changes,... but this would go really to far. It's not guaranteed that a system uses UPGs (old systems) neither that a user will keep this setup (new systems). Requiring special permissions for some files was done for good reason. Debian shouldn't completely drop security just for awkward user/group setups. Cheers, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature