[PATCH] document evaluation of {Allow|Deny}{Users|Groups}
calestyo at scientia.net
calestyo at scientia.net
Sat Feb 21 13:09:14 AEDT 2015
From: Christoph Anton Mitterer <mail at christoph.anton.mitterer.name>
• Document what the evaluation order of AllowUsers, DenyUsers, AllowGroups and
DenyGroups actually means.
Fixes bug #2292.
Signed-off-by: Christoph Anton Mitterer <mail at christoph.anton.mitterer.name>
---
sshd_config.5 | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/sshd_config.5 b/sshd_config.5
index fd44abe..a10b113 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -116,6 +116,8 @@ The allow/deny directives are processed in the following order:
.Cm DenyGroups ,
and finally
.Cm AllowGroups .
+The first one that matches determines whether the login is allowed or
+denied, with the later processed directives being ignored.
.Pp
See PATTERNS in
.Xr ssh_config 5
@@ -176,6 +178,8 @@ The allow/deny directives are processed in the following order:
.Cm DenyGroups ,
and finally
.Cm AllowGroups .
+The first one that matches determines whether the login is allowed or
+denied, with the later processed directives being ignored.
.Pp
See PATTERNS in
.Xr ssh_config 5
@@ -460,6 +464,8 @@ The allow/deny directives are processed in the following order:
.Cm DenyGroups ,
and finally
.Cm AllowGroups .
+The first one that matches determines whether the login is allowed or
+denied, with the later processed directives being ignored.
.Pp
See PATTERNS in
.Xr ssh_config 5
@@ -479,6 +485,8 @@ The allow/deny directives are processed in the following order:
.Cm DenyGroups ,
and finally
.Cm AllowGroups .
+The first one that matches determines whether the login is allowed or
+denied, with the later processed directives being ignored.
.Pp
See PATTERNS in
.Xr ssh_config 5
--
2.1.4
More information about the openssh-unix-dev
mailing list