openssh directory permissions bug or feature?
Norbert Preining
preining at logic.at
Thu Nov 16 01:03:44 EST 2000
[please Cc: to me since I am not subscribed to the list]
Dear Security gurus!
I have installed openssh-2.3.0p1 on a lan and want to allow various
users to log in as user staff on the server machine, the users are
sitting on diskless clients. (All Linux)
But: RhostsRSAAuthentication only works when the PARENT directory
of the home-directory of the user to whom we want to log on is
at least world executable.
I.e. if we have
server:/home/maingroup permissions 750
and
server:/home/maingroup/staff
And
server:/home/maingroup/staff/.rhost
foo.domain.org preining
and from
preining at client: ssh -l staff server
Then the RhostsRSAAuthentication fails and I have to type in the
passwd.
BUT when I change the permissions of
server:/home/maingroup
from 750 to 751
it is working well.
I think that this must be because the sshd changes to uid nobody
most of the time, and only when accessing various sysfiles it changes
to root and back.
Is this a bug? or a feature? Because we have reasons to have the
permissions set to 750.
Best wishes
Norbert Preining
--
ciao
norb
+-------------------------------------------------------------------+
| Norbert Preining http://www.logic.at/people/preining |
| University of Technology Vienna, Austria preining at logic.at |
| DSA: 0x09C5B094 (RSA: 0xCF1FA165) mail subject: get [DSA|RSA]-key |
+-------------------------------------------------------------------+
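
Added example, not part of the original post and not OpenSSH code: a process can open a file only if it has search (execute) permission on every directory in the path, so this helper lists which ancestor directories a given uid cannot traverse. The temporary tree, the uid/gid values and the function names are constructed for illustration; ACLs and security modules are ignored.

```python
import os
import stat
import tempfile

def can_search(st, uid, gids):
    """Classic owner/group/other test for the directory search (x) bit."""
    if uid == 0:
        return True  # root bypasses directory search checks
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def blocked_components(path, uid, gids, top="/"):
    """Directories between `top` and `path` that uid/gids cannot traverse."""
    top = os.path.abspath(top)
    current = os.path.dirname(os.path.abspath(path))
    chain = []
    while True:
        chain.append(current)
        parent = os.path.dirname(current)
        if current == top or parent == current:
            break
        current = parent
    # Report top-down, the order in which path resolution would fail.
    return [d for d in reversed(chain) if not can_search(os.stat(d), uid, gids)]

def build_demo_tree(parent_mode):
    """Constructed layout mirroring the post: <tmp>/maingroup/staff/.rhosts."""
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    home = os.path.join(root, "maingroup", "staff")
    os.makedirs(home)
    os.chmod(home, 0o755)
    rhosts = os.path.join(home, ".rhosts")
    with open(rhosts, "w") as fh:
        fh.write("foo.domain.org preining\n")  # sample entry from the post
    os.chmod(os.path.join(root, "maingroup"), parent_mode)
    return root, rhosts
```

On a real server, call `blocked_components` with the home directory's `.rhosts` path and the uid and group set of the account the daemon reads the file as.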