bugzilla-daemon at mindrot.org
2015-Feb-20 01:18 UTC
[Bug 2354] New: please document that PermitRootLogin really checks for uid=0
https://bugzilla.mindrot.org/show_bug.cgi?id=2354
Bug ID: 2354
Summary: please document that PermitRootLogin really checks for uid=0
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Documentation
Assignee: unassigned-bugs at mindrot.org
Reporter: calestyo at scientia.net
Hey.
I just found out that PermitRootLogin has the feature of really
checking for UID=0 and not for the username "root"
I.e. it makes sense to have something like:
    Match user toor
        PermitRootLogin no
Which would allow "root=0" to log in, but not e.g. the "toor=0" user to
log in, if it is an alternative root user.
:) nice feature! (bad name, though ^^)
Cheers,
Chris.
--
You are receiving this mail because:
You are watching the assignee of the bug.
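The behaviour discussed in this report, as an added example that is not part of the original bug report or of OpenSSH: a shell audit that lists every UID-0 account in a passwd-format file and the PermitRootLogin value each one gets under a simplified sshd_config model. The file contents are constructed samples; the function names (uid0_accounts, effective_prl, audit) and the config model (only exact-name "Match User" blocks) are assumptions of the example.

```sh
#!/bin/sh
# Added example (not from the bug report): list UID-0 accounts and the
# PermitRootLogin value a simplified sshd_config model gives each of them.

# Names of all accounts whose UID field is 0 in a passwd-format file.
uid0_accounts() {
    awk -F: '$1 !~ /^#/ && $3 ~ /^0+$/ { print $1 }' "$1"
}

# Effective PermitRootLogin for user $2 in config file $1.
# Simplified model (assumption): only "Match User a,b" with exact names is
# understood; a matching Match block overrides the global section, and the
# first value seen in each scope wins. No patterns, Include or other criteria.
effective_prl() {
    awk -v user="$2" '
        /^[ \t]*(#|$)/ { next }
        { kw = tolower($1) }
        kw == "match" {
            in_match = 1; applies = 0
            if (tolower($2) == "user") {
                n = split($3, names, ",")
                for (i = 1; i <= n; i++) if (names[i] == user) applies = 1
            }
            next
        }
        kw == "permitrootlogin" {
            if (!in_match) { if (glob == "") glob = $2 }
            else if (applies && ovr == "") ovr = $2
        }
        END { print (ovr != "" ? ovr : (glob != "" ? glob : "unset")) }
    ' "$1"
}

# One "account value" line per UID-0 account.
audit() {
    for u in $(uid0_accounts "$1"); do
        echo "$u $(effective_prl "$2" "$u")"
    done
}

# Constructed sample data: "toor" is the alternative UID-0 account from the thread.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' 'toor:x:0:0:alt root:/root:/bin/sh' \
    'alice:x:1000:1000::/home/alice:/bin/sh' > "$tmp/passwd"
printf '%s\n' 'PermitRootLogin yes' 'Match User toor' '    PermitRootLogin no' \
    > "$tmp/sshd_config"
audit "$tmp/passwd" "$tmp/sshd_config"
```

On a live host the authoritative answer comes from sshd's extended test mode (sshd -T with a -C connection specification naming the user), which applies the full Match logic.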
bugzilla-daemon at mindrot.org
2015-Feb-20 22:42 UTC
[Bug 2354] please document that PermitRootLogin really checks for uid=0
https://bugzilla.mindrot.org/show_bug.cgi?id=2354
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
         Resolution|---                         |WORKSFORME
             Status|NEW                         |RESOLVED
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
I don't think this needs adjusting. Root in Unix is defined by UID and
not username.
bugzilla-daemon at mindrot.org
2015-Feb-21 00:09 UTC
[Bug 2354] please document that PermitRootLogin really checks for uid=0
https://bugzilla.mindrot.org/show_bug.cgi?id=2354
--- Comment #2 from Christoph Anton Mitterer <calestyo at scientia.net> ---
Is adding a one liner to the manpage really that issue? ;-)
Well I just thought that it might be handy to people... and especially
for the BSD guys,.. or didn't they have the tradition of having a "toor"
user which is root as well but not called root?
bugzilla-daemon at mindrot.org
2015-Feb-21 04:18 UTC
[Bug 2354] please document that PermitRootLogin really checks for uid=0
https://bugzilla.mindrot.org/show_bug.cgi?id=2354
--- Comment #3 from Christoph Anton Mitterer <calestyo at scientia.net> ---
Created attachment 2553
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2553&action=edit
0001-document-that-PermitRootLogin-checks-for-uid-0.patch
bugzilla-daemon at mindrot.org
2015-Feb-21 04:18 UTC
[Bug 2354] please document that PermitRootLogin really checks for uid=0
https://bugzilla.mindrot.org/show_bug.cgi?id=2354
--- Comment #4 from Christoph Anton Mitterer <calestyo at scientia.net> ---
forgot to attach the trivial patch I've had made, just in case you
change your mind!
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-02 00:41 UTC
[Bug 2354] please document that PermitRootLogin really checks for uid=0
https://bugzilla.mindrot.org/show_bug.cgi?id=2354
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-02 01:22 UTC
[Bug 2354] please document that PermitRootLogin really checks for uid=0
https://bugzilla.mindrot.org/show_bug.cgi?id=2354
--- Comment #6 from Christoph Anton Mitterer <calestyo at scientia.net> ---
Shouldn't this be rather marked CLOSED WONTFIX?
I mean it's still not documented as I proposed, so that would be the
more appropriate status?