[Bug 1089] StrictModes needs runtime granularity

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Sep 24 00:48:24 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=1089





------- Additional Comments From tad at tadland.net  2005-09-24 00:48 -------
In O'Reilly's 'SSH: The Secure Shell: The Definitive Guide', is stated:

"Even if StrictModes is enabled, though, it can be defeated... First, sshd can
be compiled with the flag  -- enable-group-writeability [Section 4.1.5.2,
"Installation, files, and directories"], which makes group-writable files
acceptable to StrictModes. This can be useful for shared accounts, permitting
all members of a group to modify SSH-related files in an account."

I was under the impression this was referring to OpenSSH.

In short, though, regardless of the existence or lack thereof of such a flag, I
would like to be able to make group-writable acceptable to StrictModes without
having to turn StrictModes off and (so far) I have found no way to do this,
hence my feature request.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list