This is a discussion on Re: ownership of authorized_keys - openssh ; Iain Morgan wrote: > On Thu Jan 19 08:06:11 2006, Han Boetes wrote: > > I would like to make it impossible for users to change the > > contents of the authorized_keys-file. > > > > I just found ...
Iain Morgan wrote:
> On Thu Jan 19 08:06:11 2006, Han Boetes wrote:
> > I would like to make it impossible for users to change the
> > contents of the authorized_keys-file.
> > I just found out about the sshd_config setting:
> > AuthorizedKeysFile /etc/ssh/authorized_keys/%u
> > But even in that case that file has to be owned by the user,
> > unless I set ``StrictModes no'' which would allow other
> > nastyness. I would like to request that that file could also
> > be owned by root, so I can make that file immutable for the
> > user, even on filesystems which don't support the immutable
> > flag, for example jfs on GNU/Linux.
> That's already the case. The files can be owned by root, but
> they must be readable by the user. Either use a per-user group
> or POSIX ACLs to allow the user to read the contents.
Thanks, that can be done.
_ Is this foreplay? No, this is Nuke Strike. Foreplay has lousy
_V.-o graphics. Beat me again. -- Duckert, in Bad Rubber, Albedo #0
/ |`-' (comics)
openssh-unix-dev mailing list