Bug 2092

Summary: AuthorizedKeysCommand: bad ownership or modes for file
Product: Portable OpenSSH
Reporter: descala
Component: sshd
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED
Severity: minor
CC: djm, dtucker
Priority: P5
Version: 6.2p1
Hardware: amd64
OS: Linux
Bug Depends on:
Bug Blocks: 2076
Attachments (Description / Flags):
Patch uid in auth2-pubkey.c / none
Document requirement for root-ownership of AuthorizedKeysCommand / none

Description descala 2013-04-16 01:45:33 AEST
Created attachment 2245
Patch uid in auth2-pubkey.c

If AuthorizedKeysCommandUser is set to a non-root user, AuthorizedKeysCommand is always reported as unsafe:

debug1: temporarily_use_uid: 1000/1000 (e=0/0)
Unsafe AuthorizedKeysCommand: bad ownership or modes for file /xxx
debug1: restore_uid: 0/0

The bug is easily fixed with the attached patch.
Comment 1 Damien Miller 2013-04-16 11:08:16 AEST
What are the ownership and modes of the file in question?
Comment 2 Darren Tucker 2013-04-16 12:01:18 AEST
And what is AuthorizedKeysCommandUser set to?
Comment 3 descala 2013-04-16 15:35:48 AEST
The issue is that, given any non-root user for AuthorizedKeysCommandUser and any combination of file permissions, I am not able to avoid "bad ownership or modes for file".

An instance of this behavior:

AuthorizedKeysCommand /test.sh
AuthorizedKeysCommandUser user

Set owner to user.user and file permissions to 0500.
Comment 4 Damien Miller 2013-04-17 09:43:44 AEST
Created attachment 2248
Document requirement for root-ownership of AuthorizedKeysCommand

Requiring the command to be root-owned was intentional, but I realise that I failed to document that. This patch fixes the manual page to reflect this.
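
Added example, not part of the bug thread and not OpenSSH source code: a C preflight check an administrator could run against the configured AuthorizedKeysCommand path before restarting sshd. The root-ownership rule is the one stated in comment 4; the group/other-write mask and the walk over parent directories are assumptions about what "bad ownership or modes" covers, and the function names are hypothetical.

```c
/* Added example, not OpenSSH source. Function names are hypothetical. */
#include <libgen.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Return NULL if one path component is acceptable, else the reason.
 * Root ownership is the rule stated in comment 4; rejecting group/other
 * write bits is an assumption about the "modes" half of the error. */
const char *component_problem(uid_t owner, mode_t mode)
{
    if (owner != 0)
        return "not owned by root";
    if (mode & (S_IWGRP | S_IWOTH))
        return "writable by group or others";
    return NULL;
}

/* Check the command and (assumption) each parent directory up to "/".
 * Returns 0 if every component passes, -1 otherwise. */
int check_command_path(const char *path)
{
    char buf[4096];
    struct stat st;
    const char *why;
    char *parent;
    size_t len;

    if (path[0] != '/' || strlen(path) >= sizeof(buf)) {
        fprintf(stderr, "%s: need an absolute path\n", path);
        return -1;
    }
    strcpy(buf, path);
    for (;;) {
        if (stat(buf, &st) != 0) { perror(buf); return -1; }
        why = component_problem(st.st_uid, st.st_mode);
        if (why != NULL) { fprintf(stderr, "%s: %s\n", buf, why); return -1; }
        len = strlen(buf);
        parent = dirname(buf);   /* may edit buf or return static storage */
        if (parent != buf)
            memmove(buf, parent, strlen(parent) + 1);
        if (strlen(buf) >= len)  /* no shorter parent left: root reached */
            return 0;
    }
}

int main(int argc, char **argv)
{
    return (argc == 2 && check_command_path(argv[1]) == 0) ? 0 : 1;
}
```

With the setup from comment 3 (/test.sh owned by user, mode 0500), the check stops at the first component with "not owned by root", whatever the mode bits are.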
Comment 5 Damien Miller 2013-04-19 11:00:36 AEST
Documentation updated.
Comment 6 Damien Miller 2015-08-11 23:03:48 AEST
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1