that "ownership of authorized_keys" question remembered be of
a problem we had end of last year.

we have some accounts where the user places files to process
in the home directory (by scp/sftp), a process running as a
diffent user processes those files and puts the results
back to the users homedir.
the homedir belongs to the user and the other users group
with rw access for the user and the group and the sticky bit set.

the current openssh versions complains about
"bad ownership or modes for directory" for the group write bit.
(had to turn off strict mode)

i was thinking about changing auth.c to check for the sticky bit,
if other/group write bits are set for the directory and allow that
in strict mode.
Would that open any security wholes i didn't think of ?

frank





__________________________________________________ _________
Telefonate ohne weitere Kosten vom PC zum PC: http://messenger.yahoo.de

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev