On Mon, 2011-08-29 at 21:18 -0700, Patrick wrote: > Just to be clear, I think that should be: > > **By default** it demands permissions of 0700 or less, and ownership > by the users who is trying to authenticate, or it will simply bypass > the file and carry on to the next authentication mechanism. > > I'm pretty sure that can be changed in /etc/ssh/sshd_config (or wherever)
The only way to do this that I'm aware of is by setting StrictModes to no, which seems a bit of a reach to prevent: > >>> There could be very good reasons to have root own these files. > >>> > >>> For instance, when I was at school, it was quite common for people > >>> to just add each other to their authorized_keys files so that > >>> things would be "easier". ...since, IIRC, it just skips the rights & ownership checks altogether, which is arguably a cure worse than the disease (globally enforcing bad practices by the system to "prevent" potential bad practices by some users). -- M -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to puppet-dev@googlegroups.com. To unsubscribe from this group, send email to puppet-dev+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.