please remove permission check that disallows private-group access.

L A Walsh openssh at tlinx.org
Sat Oct 20 04:36:33 AEDT 2018


Third party programs should not be dictating to users how
to manage their systems.  Things like:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0660 for '/Users/law.Bliss/.ssh/id_rsa' are too open.
It is required that your private key files are NOT accessible by others
This private key will be ignored.
Load key "/Users/law.Bliss/.ssh/id_rsa": bad permissions

1) How would you know if they are "too open"?  I assign a group to
each user.  How would they claim my permissions are "bad"?

2) In this specific case, my local-machine and domain login
are different UIDs, so I put them in the same GID to allow
access no matter which UID I am logged in with.

3) It may give some users a false sense of "security" if they believe
that setting perms to something like 0600 will give them the security of
only their 1 login having access.  They had better not rely on that.

4) I no longer get the warning -- I can simply change the permission
bits to match what is wanted then add my group as an ACL -- which
gives the group full access but circumvents the irrelevant warning.

5) Since my home directory is exported and mountable via Samba, anyone
in the administrators or Domain Admins group (among others) can read it
as well.

6) I.e. the warning message is outdated, inaccurate and not really needed.

Thanks much!
-linda
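
Point 4 above concerns access granted through an ACL rather than through the mode bits. The following is an added example, not part of the original message and not OpenSSH code: it lists which non-owner entries in POSIX.1e `getfacl` output have effective access to a key file once the mask is applied. The sample ACL text and the names `law` and `keyshare` are constructed, and other ACL models (Windows, NFSv4) are not covered.

```python
import re

# One ACL entry in getfacl text form: tag:qualifier:perms
ENTRY = re.compile(r"^(user|group|mask|other):([^:]*):([r-][w-][x-])")

def parse_acl(text):
    """Return [(tag, qualifier, perms_set)], ignoring '#' comments."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.split("#", 1)[0].strip())
        if m:
            entries.append((m.group(1), m.group(2), set(m.group(3)) - {"-"}))
    return entries

def non_owner_access(text):
    """List (entry, effective_perms) for every entry except the file owner."""
    entries = parse_acl(text)
    mask = next((p for t, _, p in entries if t == "mask"), None)
    found = []
    for tag, qual, perms in entries:
        if tag == "mask" or (tag == "user" and qual == ""):
            continue  # the mask is a limit, user:: is the owner
        # Named users, group:: and named groups are limited by the mask;
        # other:: is not. Without a mask entry nothing is limited.
        if tag != "other" and mask is not None:
            perms = perms & mask
        if perms:
            found.append((f"{tag}:{qual}", "".join(c for c in "rwx" if c in perms)))
    return found

# Constructed sample: a named group entry with a permissive mask.
SAMPLE_OPEN = """# file: id_rsa
# owner: law
# group: law
user::rw-
group::---
group:keyshare:rw-
mask::rw-
other::---
"""

# Constructed sample: same entry, but the mask removes its effect.
SAMPLE_MASKED = SAMPLE_OPEN.replace("mask::rw-", "mask::---").replace(
    "group:keyshare:rw-", "group:keyshare:rw-\t#effective:---")

if __name__ == "__main__":
    for name, acl in (("open", SAMPLE_OPEN), ("masked", SAMPLE_MASKED)):
        print(name, non_owner_access(acl))
```
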


