Created attachment 2245
Patch uid in auth2-pubkey.c

If AuthorizedKeysCommandUser is set to a non-root user, AuthorizedKeysCommand is always reported as unsafe:

debug1: temporarily_use_uid: 1000/1000 (e=0/0)
Unsafe AuthorizedKeysCommand: bad ownership or modes for file /xxx
debug1: restore_uid: 0/0

The bug is easily fixed with the attached patch.
What are the ownership and modes of the file in question?
and what is AuthorizedKeysCommandUser set to?
The issue is that, given any non-root user for AuthorizedKeysCommandUser and any combination of file permissions, I am not able to avoid "bad ownership or modes for file".

An instance of this behavior:

AuthorizedKeysCommand /test.sh
AuthorizedKeysCommandUser user

Set owner to user.user and file permissions to 0500.
Created attachment 2248
Document requirement for root-ownership of AuthorizedKeysCommand

Requiring the command to be root-owned was intentional, but I realise that I failed to document that. This patch fixes the manual page to reflect this.
Documentation updated.
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1
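
A pre-flight check for the requirement this thread settles on, as an added example that is not part of the bug report or of OpenSSH's own code: it reads the AuthorizedKeysCommand path from a config file and verifies that the program is given by an absolute path, is owned by root, and is not writable by group or others. The function names are hypothetical, GNU `stat -c` is assumed, and only the file itself is inspected, so this is not a reimplementation of sshd's own check.

```shell
#!/bin/sh
# Added example (not from the bug report): check an AuthorizedKeysCommand target
# before sshd rejects it with "bad ownership or modes for file".
# Assumes GNU stat. Function names are hypothetical.

# Print the program path of the AuthorizedKeysCommand directive in the
# sshd_config-style file $1 (does not match AuthorizedKeysCommandUser).
akc_path_from_config() {
    awk 'tolower($1) == "authorizedkeyscommand" { print $2; exit }' "$1"
}

# $1 = program path, $2 = required owner uid (default 0 = root; the
# parameter exists only so the check can be exercised without root).
# Returns 0 when the file passes, otherwise prints the reason and returns 1.
check_akc_file() {
    path=$1
    want_uid=${2:-0}
    case $path in
        /*) ;;
        *) echo "not an absolute path: $path"; return 1 ;;
    esac
    [ -f "$path" ] || { echo "not a regular file: $path"; return 1; }
    owner=$(stat -c '%u' "$path") || return 1
    mode=$(stat -c '%a' "$path") || return 1
    if [ "$owner" != "$want_uid" ]; then
        echo "bad owner: uid $owner, expected $want_uid"
        return 1
    fi
    # 022 octal = group-write | other-write
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "bad mode: $mode is writable by group or others"
        return 1
    fi
    echo "ok: $path (uid $owner, mode $mode)"
}
```

With the configuration from the report (`/test.sh` owned by `user`, mode 0500), `check_akc_file /test.sh` fails on the owner test, not on the mode.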