sshd umask settings vs security
Jeremy Jackson
jerj at coplanar.net
Fri Sep 24 02:15:32 EST 2004
Damien Miller wrote:
> Jeremy Jackson wrote:
>
>>Will setting the umask that sshd inherits cause any security issues? It
>>would be nice to be able to set this in a system-wide fashion, rather
>>than in .login etc.
>
>
> If the umask is more restrictive than the default then no. If the
> umask is less restrictive than the default and sshd creates files
> with restrictive permissions, then that is a bug in sshd.
Of course. I guess I'm asking if anyone has tried this, so I have some
idea if it is reliable, or if I'm the first guy, and I will find the
bugs ;-{ I'm really concerned if a more permissive umask will cause any
files created internally by sshd to be insecure.
>
>
>>I'm thinking of Debian, where the setting is per-shell because nobody
>>seems to have thought of doing this.
>
>
> /etc/bashrc ?
I should have been more clear, that's what we have already. What if
they aren't using bash? I want to set the umask in one place,
regardless of what shell they are using. That's why I asked the question.
Thanks for the reply,
Jeremy
More information about the openssh-unix-dev
mailing list