[Bug 1060] ~/.ssh/config check too strict on systems with per-user groups

bugzilla-daemon at mindrot.org
Mon Jul 4 10:23:58 EST 2005


------- Additional Comments From cjwatson at debian.org  2005-07-04 10:23 -------
(In reply to comment #2)
> I don't like these complex heuristics, especially since they depend on
> properties of the user and group name.

The only reason the user name is used is because struct group only lets you
inspect group membership by means of the user name.

> It looks like it would also break on users who are directly assigned to
> another user's group in /etc/passwd.

Hmm, there is probably an issue if that other user was not explicitly listed in
his/her primary group in /etc/group, yes. I'll investigate that.

> Why can't you just warn your users? (suggestion 5 in the Debian bug).

The test is wrong for us and causes ssh not to work *by default* as soon as you
create a client config file, unless you take measures which aren't clearly
documented in the error message and ought to be unnecessary in any case. I do
not believe that giving up and merely documenting the problem is a valid
response from me to this bug report.

Suggestion 5 is about trawling through users' home directories on package
installation, which is entirely unacceptable and a cure worse than the disease.

Thanks for your response.
