ownership of authorized_keys
Iain Morgan
imorgan at nas.nasa.gov
Wed Feb 1 04:11:19 EST 2006
On Mon Jan 30 15:17:20 2006, David Woodhouse wrote:
>
> On Thu, 2006-01-19 at 09:09 -0800, Iain Morgan wrote:
> > That's already the case. The files can be owned by root, but they must
> > be readable by the user. Either use a per-user group or POSIX ACLs to
> > allow the user to read the contents.
>
> Or just allow them to be world-readable, of course. These are _public_
> keys we're talking about, after all.
>
> --
True. However, in the case of command-restricted keys, it may not be desirable
to divulge the command associated with a particular key to arbitrary users.
Essentially it's the standard axiom of least privileges.
--
Iain Morgan
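
Added example (not part of the original message and not OpenSSH code): a shell check for the case raised above, an authorized_keys file that is world-readable while it holds command-restricted keys. The function names, the sample key lines and the temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not OpenSSH code. Function names and sample data are constructed.

# Count key entries whose options field contains command="...".
# Options precede the key type, are comma-separated, and may carry quoted values.
count_forced_commands() {
    grep -Ec '^[[:space:]]*([a-zA-Z-]+(="([^"\\]|\\.)*")?,)*command="' "$1" 2>/dev/null || true
}

# True when the "other" read bit is set on the file (symlinks are followed).
is_world_readable() {
    [ -n "$(find -L "$1" -prune -perm -0004 -print 2>/dev/null)" ]
}

# Return 1 when forced commands would be disclosed to arbitrary local users.
audit_authorized_keys() {
    file=$1
    n=$(count_forced_commands "$file")
    n=${n:-0}
    if [ "$n" -gt 0 ] && is_world_readable "$file"; then
        echo "EXPOSED: $file is world-readable and holds $n command-restricted key(s)"
        echo "  fix: chgrp <per-user group> '$file' && chmod 640 '$file' (or grant read via a POSIX ACL)"
        return 1
    fi
    echo "ok: $file"
}

# Demo on a constructed file (the key material is a placeholder, not a real key).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/authorized_keys" <<'EOF'
# constructed sample entries
no-pty,command="/usr/local/bin/backup --nightly" ssh-ed25519 AAAAC3CONSTRUCTED backup@example
ssh-ed25519 AAAAC3CONSTRUCTED user@example
EOF
    chmod 644 "$dir/authorized_keys"
    audit_authorized_keys "$dir/authorized_keys" || true   # reports EXPOSED
    chmod 640 "$dir/authorized_keys"
    audit_authorized_keys "$dir/authorized_keys"           # reports ok
    rm -rf "$dir"
}
demo
```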