openssh directory permissions bug or feature?

Norbert Preining preining at logic.at
Thu Nov 16 01:03:44 EST 2000


[please Cc: to me since I am not subscribed to the list]

Dear Security gurus!

I have installed openssh-2.3.0p1 on a lan and want to allow various
users to log in as user staff on the server machine, the users are
sitting on diskless clients. (All linux)

But: RhostsRSAAuthentication only works when the PARENT directory
of the home-directory of the user to whom we want to log on is
at least world executable.

I.e. if we have 
	server:/home/maingroup	permissions 750
and
	server:/home/maingroup/staff
And 
	server:/home/maingroup/staff/.rhost
		foo.domain.org  preining
and from
	preining at client: ssh -l staff server
Then the RhostsRSAAuthentication fails and I have to type in the
passwd.

BUT when I change the permissions of
	server:/home/maingroup 
from 750 to 751
it is working well.

I think that this must be because the sshd changes to uid nobody
most of the time, and only when accessing various sysfiles it changes
to root and back.

Is this a bug? or a feature? Because we have reasons to have the
permissions set to 750.

Best wishes

Norbert Preining

-- 
ciao
norb

+-------------------------------------------------------------------+
| Norbert Preining              http://www.logic.at/people/preining |
| University of Technology Vienna, Austria        preining at logic.at |
| DSA: 0x09C5B094 (RSA: 0xCF1FA165) mail subject: get [DSA|RSA]-key |
+-------------------------------------------------------------------+
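
Added example, not part of the original message and not OpenSSH code: the only difference between mode 750 and 751 is the search (x) bit for "other", so this sketch walks the path to a .rhosts file and reports the first directory that a given uid and group set cannot traverse. The temporary directory layout, the outsider uid/gid and all function names are constructed for illustration; ACLs and root's override are ignored.

```python
import os
import stat
import tempfile

def can_search(st, uid, gids):
    """Classic Unix mode-bit check for directory search (x) permission.
    Exactly one class applies: owner, else group, else other."""
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def first_blocking_dir(path, uid, gids, start):
    """Check every directory below `start` on the way to `path`.
    Return the first one uid/gids cannot traverse, or None."""
    current = os.path.abspath(start)
    target_dir = os.path.dirname(os.path.abspath(path))
    for part in os.path.relpath(target_dir, current).split(os.sep):
        current = os.path.join(current, part)
        if not can_search(os.stat(current), uid, gids):
            return current
    return None

def demo(parent_mode, in_group=False):
    """Build a constructed copy of the layout from the message
    (maingroup/staff/.rhosts) and test it for a non-owner account."""
    with tempfile.TemporaryDirectory() as top:
        parent = os.path.join(top, "maingroup")
        home = os.path.join(parent, "staff")
        os.makedirs(home)
        rhosts = os.path.join(home, ".rhosts")
        open(rhosts, "w").close()
        os.chmod(home, 0o755)
        os.chmod(parent, parent_mode)
        st = os.stat(parent)
        uid = st.st_uid + 1                      # hypothetical non-owner uid
        gids = {st.st_gid} if in_group else {st.st_gid + 1}
        blocked = first_blocking_dir(rhosts, uid, gids, start=top)
        return os.path.basename(blocked) if blocked else None

if __name__ == "__main__":
    for mode in (0o750, 0o751):
        print(oct(mode), "outsider blocked at:", demo(mode))
    print("0o750 group member blocked at:", demo(0o750, in_group=True))
```
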




