Bug 2354

Summary:

please document that PermitRootLogin really checks for uid=0

Product:

Portable OpenSSH

Reporter:

Christoph Anton Mitterer <calestyo>

Component:

Documentation

Assignee:

Assigned to nobody <unassigned-bugs>

Status:

CLOSED WORKSFORME

Severity:

enhancement

CC:

djm

Priority:

Version:

6.7p1

Hardware:

All

OS:

All

Attachments:

Description	Flags
0001-document-that-PermitRootLogin-checks-for-uid-0.patch	none

Description Christoph Anton Mitterer 2015-02-20 12:18:18 AEDT

Hey.

I just found out that PermitRootLogin has the feature of really checking for UID=0 and not for the username "root"

I.e. it makes sense to have something like:
Match user toor
   PermitRootLogin no

Which would allow "root=0" to log in, but not e.g. the "toor=0" user to log in, if it is an alternative root user.

:) nice feature! (bad name, though ^^)

Cheers,
Chris.

Comment 1 Damien Miller 2015-02-21 09:42:23 AEDT

I don't think this needs adjusting. Root in Unix is defined by UID and not username.

Comment 2 Christoph Anton Mitterer 2015-02-21 11:09:12 AEDT

Is adding a one liner to the manpage really that issue? ;-)

Well I just thought that it might be handy to people... and especially for the BSD guys,.. or didn't they have the tradition of having a "toor" user which is root as well but not called root?

Comment 3 Christoph Anton Mitterer 2015-02-21 15:18:14 AEDT

Created attachment 2553 [details]
0001-document-that-PermitRootLogin-checks-for-uid-0.patch

Comment 4 Christoph Anton Mitterer 2015-02-21 15:18:59 AEDT

forgot to attach the trivial patch I've had made, just in case you change your mind!

Comment 5 Damien Miller 2016-08-02 10:41:27 AEST

Close all resolved bugs after 7.3p1 release

Comment 6 Christoph Anton Mitterer 2016-08-02 11:22:35 AEST

Shouldn't this be rather marked CLOSED WONTFIX?

I mean it's still not documented as I proposed, so that would be the more appropriate status?