bugzilla-daemon at mindrot.org
2013-Apr-15 15:45 UTC
[Bug 2092] New: AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092 Bug ID: 2092 Summary: AuthorizedKeysCommand: bad ownership or modes for file Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: descala at gmail.com Created attachment 2245 --> https://bugzilla.mindrot.org/attachment.cgi?id=2245&action=edit Patch uid in auth2-pubkey.c If AuthorizedKeysCommandUser is set to a non-root user, AuthorizedKeysCommand is always reported as unsafe: debug1: temporarily_use_uid: 1000/1000 (e=0/0) Unsafe AuthorizedKeysCommand: bad ownership or modes for file /xxx debug1: restore_uid: 0/0 the bug is easily fixed with the attached patch. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2013-Apr-16 01:08 UTC
[Bug 2092] AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #1 from Damien Miller <djm at mindrot.org> --- What are the ownership and modes of the file in question? -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2013-Apr-16 02:01 UTC
[Bug 2092] AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at zip.com.au --- Comment #2 from Darren Tucker <dtucker at zip.com.au> --- and what is AuthorizedKeysCommandUser set to? -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2013-Apr-16 05:35 UTC
[Bug 2092] AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092 --- Comment #3 from descala at gmail.com --- The issue is, given any non-root user to AuthorizedKeysCommandUser, and given any combination of file permissions I am not able to avoid "bad ownership or modes for file". An instance of this behavior AuthorizedKeysCommand /test.sh AuthorizedKeysCommandUser user set owner to user.user and file permissions to 0500 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2013-Apr-16 23:43 UTC
[Bug 2092] AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2248| |ok?(dtucker at zip.com.au) Flags| | --- Comment #4 from Damien Miller <djm at mindrot.org> --- Created attachment 2248 --> https://bugzilla.mindrot.org/attachment.cgi?id=2248&action=edit Document requirement for root-ownership of AuthorizedKeysCommand Requiring the command to be root-owned was intentional, but I realise that I failed to document that. This patch fixes the manual page to reflect this. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2013-Apr-19 01:00 UTC
[Bug 2092] AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED Blocks| |2076 --- Comment #5 from Damien Miller <djm at mindrot.org> --- Documentation updated. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2015-Aug-11 13:03 UTC
[Bug 2092] AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #6 from Damien Miller <djm at mindrot.org> --- Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Jan-13 02:38 UTC
[Bug 2092] AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2248|ok?(dtucker at dtucker.net) | Flags| | -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
Possibly Parallel Threads
- problem with AuthorizedKeysCommand on OpenBSD
- [Bug 2287] New: AuthorizedKeysCommandUser should have it's default documented
- [Bug 2161] New: AuthorizedKeysCommand is not executed when defined inside Match block
- [Bug 3574] New: ssh ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set
- AuthorizedKeysCommand support added