Question about AllowUsers and AllowGroups

Ben Lindstrom mouring at etoh.eviladmin.org
Tue Aug 10 08:17:15 EST 2004


This has been brought up before.. I supplied a patch.. It was turned down
because this is the same syntax/design as the older ssh releases.

I personally think it is a misfeature or broken, but to fix it now would
more than likely mean picking new sshd_config names and stop supporting
the ones.

- Ben

On Mon, 9 Aug 2004, Andreas wrote:

> While testing some AllowUsers and AllowGroups combinations I was surprised
> to find that one cannot be used to override the other. For example:
>
> AllowGroups administrators
> AllowUsers john
>
> If john is *not* part of the administrators group, then access is being denied.
> Is this the expected behaviour? This would force me to create another group just
> for ssh, something like ssh-admins.
>
> This other excerpt works as expected, at least for me:
>
> AllowGroups administrators
> DenyUsers johnadmin
>
> If johnadmin is part of the administrators group, he is still denied access.
>
> This all with openssh-3.8.1p1 on Linux.
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>




More information about the openssh-unix-dev mailing list