[Bug 2016597] [NEW] Tests create ~/.ssh/authorized_keys group writable due to wrong umask
Lukas Märdian
2016597 at bugs.launchpad.net
Mon Apr 17 11:05:41 UTC 2023
Public bug reported:
Traditionally, the default umask has been 0022, which is still the case
on Debian and for the root user on Ubuntu.
But for non-root users PAM sets a user's session umask to 0002 by
default (/etc/pam.d/common-session*), as defined in "/etc/login.defs"
via USERGROUPS_ENAB.
tinyssh's sshd will reject connections if ~/.ssh/authorized_keys is writable by group/other.
The test case (re-)creates ~/.ssh/authorized_keys by echoing some strings/keys into it, which creates a new file on the default umask, breaking the test.
** Affects: systemd (Ubuntu)
Importance: Undecided
Status: New
** Affects: tinyssh (Ubuntu)
Importance: Undecided
Assignee: Lukas Märdian (slyon)
Status: New
** Tags: update-excuse
** Tags added: update-excuse
** Also affects: systemd (Ubuntu)
Importance: Undecided
Status: New
** Changed in: tinyssh (Ubuntu)
Assignee: (unassigned) => Lukas Märdian (slyon)
https://bugs.launchpad.net/bugs/2016597
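
The behaviour described in the report, as an added example (not code from the bug report or from the tinyssh test suite): a plain redirect under umask 0002 yields a group-writable file, and one umask-independent way to write the file instead. The key string, temp paths and function names are constructed, and the permission check only mirrors the group/other-writable condition the report names.

```shell
#!/bin/sh
# Added example; the key string and temp paths are constructed for illustration.
KEY='ssh-ed25519 AAAAC3constructedKeyForIllustration test@example'

# Octal permission bits of a file (GNU stat, as shipped on Debian/Ubuntu).
mode_of() { stat -c '%a' "$1"; }

# True only if the file is not writable by group or other.
not_group_other_writable() {
    m=$(mode_of "$1") || return 1
    [ $(( 0$m & 022 )) -eq 0 ]
}

# Plain redirect under the caller-supplied umask, as the report describes
# the test doing. Prints the mode of the newly created file.
create_with_umask() {
    d=$(mktemp -d) || return 1
    ( umask "$1"; echo "$KEY" > "$d/authorized_keys" )
    mode_of "$d/authorized_keys"
    rm -rf "$d"
}

# Umask-independent write: a restrictive umask for new files, plus chmod
# because a redirect onto an existing file keeps that file's old mode.
write_authorized_keys() {
    ( umask 077; echo "$2" > "$1" ) && chmod 600 "$1"
}

# Run the hardened write under umask 0002 over a pre-existing 0664 file.
hardened_mode_under_0002() {
    d=$(mktemp -d) || return 1
    ( umask 0002
      echo stale > "$d/authorized_keys"       # pre-existing, mode 664
      write_authorized_keys "$d/authorized_keys" "$KEY" )
    if not_group_other_writable "$d/authorized_keys"; then
        mode_of "$d/authorized_keys"
    else
        echo writable
    fi
    rm -rf "$d"
}

echo "umask 0022 -> $(create_with_umask 0022)"
echo "umask 0002 -> $(create_with_umask 0002)"
echo "hardened   -> $(hardened_mode_under_0002)"
```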