[Bug 1584] New: umask setting in sshd

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Apr 2 18:50:59 EST 2009


https://bugzilla.mindrot.org/show_bug.cgi?id=1584

           Summary: umask setting in sshd
           Product: Portable OpenSSH
           Version: 5.2p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: leo.baltus at omroep.nl


We just upgraded from openssh-5.0p1 to openssh-5.2p1 (linux) to find
out 
that sshd changes its umask to drop group-write permissions.

We deliberatly set umask 002 prior to starting sshd to allow
group-writeable files to be created.

I am not sure why this is done, but it breaks our setup and also breaks
expected behaviour. Also I could not find any discussion on the list in
the months leading up to this change, it only seems to be documented in
the ChangeLog:

20080615
[...]
   - dtucker at cvs.openbsd.org 2008/06/14 17:07:11
     [sshd.c]
     ensure default umask disallows at least group and world write; ok
djm@

The packaged opensshd.init.in also assumes umask can be set prior to
starting sshd.

Therefor I propose to either undo this change (patch), or make it
configurable in sshd_config.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list