[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Impossible to change ownership of a file to user when user is UID 0


On Mon, May 01, 2023 at 04:37:34PM +0200, Pierre Willaime wrote:
> After some investigations, it is most likely a permission issue
> May  1 15:32:42 vm sshd[131848]: debug1: trying public key file /home/user/.ssh/authorized_keys
> May  1 15:32:42 vm sshd[131848]: debug1: fd 5 clearing O_NONBLOCK
> May  1 15:32:42 vm sshd[131848]: Authentication refused: bad ownership or modes for directory /home/user
> On this system (not installed by me), my user has an UID and GID of 0 in /etc/passwd. Several users share root privileges like this on the server.

The last time I saw systems managed like this was in 1995. At that
place and time it was desired for certain members of staff to be
able to log in to an alternate personal root account so that an
audit trail existed as to who was using the credentials.

I haven't seen it since that time probably because achieving that
goal (at least to the same extent as this "multiple roots" thing
achieves it¹) is now possible in many different, better ways. Use of
"sudo" would be one of the simpler examples

But as regards the problem at hand, SSH will object to your home
directory having group write permission. I don't see you list those
permissions in your email, so please check if that is the case. i.e.
your home directory should be rwxr-xr-x or more restrictive.


¹ Since each staff member has full root access they can usually find
  ways to circumvent any auditing once they are in as root.

https://bitfolk.com/ -- No-nonsense VPS hosting

Reply to: