bugzilla-daemon at mindrot.org
2014-Aug-15 13:10 UTC
[Bug 2262] New: Clarification for the usage of Match directives with negations
https://bugzilla.mindrot.org/show_bug.cgi?id=2262
Bug ID: 2262
Summary: Clarification for the usage of Match directives with
negations
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Documentation
Assignee: unassigned-bugs at mindrot.org
Reporter: sven at timegate.de
Created attachment 2460
--> https://bugzilla.mindrot.org/attachment.cgi?id=2460&action=edit
proposed clarification for the usage of negations with Match
Hi,
I tried to setup some special cases with the help of the "Match"
directive in sshd_config and stumbled over how negations in the
pattern matching work.
What I tried first was
Match User !root, Group !mygroup
which to my momentary surprise did not work.
After carefully re-reading the manpage, and some try and error
I've understood that the logic is based on set theory and I
tried to essentially exclude user/groups from an empty set, which
of course has no result and thus can not match anything.
So a
Match User *,!root, Group *,!mygroup
worked for my case.
I guess it's intentional that there is no kind of default
filling of the set you match on, so I would propose a patch
to the ssh_config.5 manpage to make it a bit more obvious.
I also posted that to the mailinglist some time ago but there was
no concrete feedback. So I'm just filling this bug so that the patch
proposal won't be lost unnoticed.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Dec-28 13:27 UTC
[Bug 2262] Clarification for the usage of Match directives with negations
https://bugzilla.mindrot.org/show_bug.cgi?id=2262
Sven <sven at timegate.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
See Also| |https://bugzilla.mindrot.or
| |g/show_bug.cgi?id=1680
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Dec-28 13:28 UTC
[Bug 2262] Clarification for the usage of Match directives with negations
https://bugzilla.mindrot.org/show_bug.cgi?id=2262
Sven <sven at timegate.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
See Also| |https://bugzilla.mindrot.or
| |g/show_bug.cgi?id=1918
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Apr-05 10:25 UTC
[Bug 2262] Clarification for the usage of Match directives with negations
https://bugzilla.mindrot.org/show_bug.cgi?id=2262
Facio2020 <ivan.2019.ifv at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ivan.2019.ifv at gmail.com
--
You are receiving this mail because:
You are watching the assignee of the bug.
Possibly Parallel Threads
- Match directive and negations
- [Bug 1918] match_pattern_list fails for negated failure
- [Bug 1680] Match User/Group with no affirmative match does not work as expected
- Can connect directly, but not browse samba server from Windows Workgroup network
- Coding question for behavioral data analysis