ownership of authorized_keys

Iain Morgan imorgan at nas.nasa.gov
Fri Jan 20 04:09:26 EST 2006


On Thu Jan 19 08:06:11 2006, Han Boetes wrote:
> 
> Hi,
> 
> I would like to make it impossible for users to change the
> contents of the authorized_keys-file.
> 
> I just found out about the sshd_config setting:
> 
>   AuthorizedKeysFile /etc/ssh/authorized_keys/%u
> 
> But even in that case that file has to be owned by the user,
> unless I set ``StrictModes no'' which would allow other
> nastiness. I would like to request that that file could also be
> owned by root, so I can make that file immutable for the user,
> even on filesystems which don't support the immutable flag, for
> example jfs on GNU/Linux.
> 

That's already the case. The files can be owned by root, but they must be readable
by the user. Either use a per-user group or POSIX ACLs to allow the user to read
the contents.

--
Iain Morgan
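
A check for the layout described in the reply above, added here as an example (not code from the thread or from OpenSSH): it judges a key file from its owner, group and mode bits. The function names, the default of uid 0 as intended owner and the sample uid/gid values are assumptions made for illustration, and read access granted through a POSIX ACL is not evaluated.

```python
import os
import stat

def audit_mode(st_uid, st_gid, st_mode, user_uid, user_gids, owner_uid=0):
    """Judge one key file from its stat fields; return a list of problems."""
    problems = []
    if st_uid != owner_uid:
        problems.append("owned by uid %d, not uid %d" % (st_uid, owner_uid))
    if st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group- or world-writable")
    # Pick the permission class the way the kernel does: owner, group, other.
    if user_uid == st_uid:
        readable = st_mode & stat.S_IRUSR
    elif st_gid in user_gids:
        readable = st_mode & stat.S_IRGRP
    else:
        readable = st_mode & stat.S_IROTH
    if not readable:
        # Mode bits only: read access granted by a POSIX ACL is not evaluated.
        problems.append("not readable by the user")
    return problems

def audit_path(path, user_uid, user_gids, owner_uid=0):
    """Stat a key file and its directory, then apply the checks above."""
    st = os.stat(path)
    problems = audit_mode(st.st_uid, st.st_gid, st.st_mode,
                          user_uid, user_gids, owner_uid)
    d = os.stat(os.path.dirname(os.path.abspath(path)))
    if d.st_uid != owner_uid or d.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("directory allows the file to be replaced")
    return problems

if __name__ == "__main__":
    # Constructed samples: (file uid, file gid, mode) for user uid 1001,
    # whose per-user group is gid 1001.
    samples = {
        "root-owned, per-user group, 0640": (0, 1001, 0o100640),
        "user-owned, 0600": (1001, 1001, 0o100600),
        "root-owned, root group, 0600": (0, 0, 0o100600),
    }
    for label, (uid, gid, mode) in samples.items():
        print(label, "->", audit_mode(uid, gid, mode, 1001, {1001}) or "ok")
```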




More information about the openssh-unix-dev mailing list