bugzilla-daemon at mindrot.org
2013-Apr-15  15:45 UTC
[Bug 2092] New: AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092
            Bug ID: 2092
           Summary: AuthorizedKeysCommand: bad ownership or modes for file
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 6.2p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: descala at gmail.com
Created attachment 2245
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2245&action=edit
Patch uid in auth2-pubkey.c
If AuthorizedKeysCommandUser is set to a non-root user,
AuthorizedKeysCommand is always reported as unsafe:
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
Unsafe AuthorizedKeysCommand: bad ownership or modes for file /xxx
debug1: restore_uid: 0/0
The bug is easily fixed with the attached patch.
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2013-Apr-16  01:08 UTC
[Bug 2092] AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
What are the ownership and modes of the file in question?
bugzilla-daemon at mindrot.org
2013-Apr-16  02:01 UTC
[Bug 2092] AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092
Darren Tucker <dtucker at zip.com.au> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au
--- Comment #2 from Darren Tucker <dtucker at zip.com.au> ---
and what is AuthorizedKeysCommandUser set to?
bugzilla-daemon at mindrot.org
2013-Apr-16  05:35 UTC
[Bug 2092] AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092
--- Comment #3 from descala at gmail.com ---
The issue is, given any non-root user to AuthorizedKeysCommandUser, and
given any combination of file permissions I am not able to avoid "bad
ownership or modes for file".
An instance of this behavior:
AuthorizedKeysCommand /test.sh
AuthorizedKeysCommandUser user
set owner to user.user and file permissions to 0500
bugzilla-daemon at mindrot.org
2013-Apr-16  23:43 UTC
[Bug 2092] AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2248|                            |ok?(dtucker at zip.com.au)
              Flags|                            |
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Created attachment 2248
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2248&action=edit
Document requirement for root-ownership of AuthorizedKeysCommand
Requiring the command to be root-owned was intentional, but I realise
that I failed to document that. This patch fixes the manual page to
reflect this.
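The root-ownership requirement from comment #4, as an added example that is not part of the thread and not OpenSSH code: a shell check to run against a command before pointing AuthorizedKeysCommand at it. The function names and the optional owner-uid and stop-directory arguments are assumptions of this example; it also rejects group- or world-writable modes and walks the parent directories, which the thread does not spell out, and it assumes GNU `stat` and `readlink`.

```shell
#!/bin/sh
# Added example, not OpenSSH code. Assumes GNU stat and readlink (Linux).

# check_one PATH OWNER_UID: fail unless PATH is owned by OWNER_UID and
# is not writable by group or others.
check_one() {
    meta=$(stat -c '%u %a' -- "$1" 2>/dev/null) ||
        { echo "$1: cannot stat"; return 1; }
    uid=${meta% *}; mode=${meta#* }
    [ "$uid" -eq "$2" ] ||
        { echo "$1: owned by uid $uid, need uid $2"; return 1; }
    # 022 = group-write | other-write; the leading 0 makes the mode octal
    [ $(( 0$mode & 022 )) -eq 0 ] ||
        { echo "$1: mode $mode is group- or world-writable"; return 1; }
}

# check_command CMD [OWNER_UID] [STOP_DIR]
# OWNER_UID defaults to 0 (root), the owner comment #4 says is required.
# STOP_DIR (hypothetical, for trying this outside a root-owned tree)
# ends the upward walk early; by default the walk continues up to /.
check_command() {
    owner=${2:-0}; stop=${3:-/}
    case $1 in
        /*) ;;
        *) echo "$1: not an absolute path"; return 1 ;;
    esac
    p=$(readlink -f -- "$1") || p=     # resolve symlinks before checking
    [ -f "$p" ] || { echo "$1: not a regular file"; return 1; }
    while :; do
        check_one "$p" "$owner" || return 1
        if [ "$p" = "$stop" ] || [ "$p" = / ]; then break; fi
        p=$(dirname -- "$p")
    done
    echo "$1: ok"
}

# Usage: sh check_akc.sh /path/to/command
if [ $# -gt 0 ]; then check_command "$@"; fi
```

Run against the setup from comment #3 (file owned by the non-root user, mode 0500), it stops at the ownership test, since the default required owner is uid 0.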
bugzilla-daemon at mindrot.org
2013-Apr-19  01:00 UTC
[Bug 2092] AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
             Blocks|                            |2076
--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Documentation updated.
bugzilla-daemon at mindrot.org
2015-Aug-11  13:03 UTC
[Bug 2092] AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #6 from Damien Miller <djm at mindrot.org> ---
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1
bugzilla-daemon at mindrot.org
2023-Jan-13  02:38 UTC
[Bug 2092] AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2248|ok?(dtucker at dtucker.net)    |
              Flags|                            |