sshd umask settings vs security

Jeremy Jackson jerj at coplanar.net
Fri Sep 24 02:15:32 EST 2004


Damien Miller wrote:
> Jeremy Jackson wrote:
> 
>>Will setting the umask that sshd inherits cause any security issues?  It 
>>would be nice to be able to set this in a system-wide fashion, rather 
>>than in .login etc.
> 
> 
> If the umask is more restrictive than the default then no. If the
> umask is less restrictive than the default and sshd creates files
> with restrictive permissions, then that is a bug in sshd.

Of course.  I guess I'm asking if anyone has tried this, so I have some 
idea if it is reliable, or if I'm the first guy, and I will find the 
bugs ;-{  I'm really concerned if a more permissive umask will cause any 
files created internally by sshd to be insecure.
> 
> 
>>I'm thinking of Debian, where the setting is per-shell because nobody 
>>seems to have thought of doing this.
> 
> 
> /etc/bashrc ?

I should have been more clear; that's what we have already.  What if 
they aren't using bash?  I want to set the umask in one place, 
regardless of what shell they are using.  That's why I asked the question.

Thanks for the reply,

Jeremy
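
The umask question in this thread, as an added example (not part of the original messages and not OpenSSH code): a file opened with an explicit restrictive mode keeps that mode under a permissive umask, while a file opened with 0666 is only as private as the inherited umask, and fchmod() removes the dependency altogether. The function name `created_mode` and the scratch path under /tmp are assumptions made for the illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for mkdtemp() and fchmod() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a scratch file while the process umask is `mask`, asking open()
 * for `requested` permission bits. If `force` is non-zero, fchmod() the
 * descriptor afterwards so the result no longer depends on the umask.
 * Returns the resulting permission bits, or -1 on error. */
int created_mode(mode_t mask, mode_t requested, int force)
{
    char dir[] = "/tmp/umask-demo-XXXXXX";   /* constructed scratch path */
    char path[64];
    struct stat st;
    int result = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof(path), "%s/file", dir);

    mode_t old = umask(mask);                /* simulate the inherited umask */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    umask(old);                              /* restore the caller's umask */

    if (fd >= 0) {
        if ((!force || fchmod(fd, requested) == 0) && fstat(fd, &st) == 0)
            result = (int)(st.st_mode & 0777);
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("umask 000, open 0600         -> %04o\n", (unsigned)created_mode(0000, 0600, 0));
    printf("umask 000, open 0666         -> %04o\n", (unsigned)created_mode(0000, 0666, 0));
    printf("umask 022, open 0666         -> %04o\n", (unsigned)created_mode(0022, 0666, 0));
    printf("umask 077, open 0666         -> %04o\n", (unsigned)created_mode(0077, 0666, 0));
    printf("umask 077, open 0644, fchmod -> %04o\n", (unsigned)created_mode(0077, 0644, 1));
    return 0;
}
```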




More information about the openssh-unix-dev mailing list