[ELDK] Permissions on /root directory keep ssh from working properly
Phil Terry
pterry at vmetro.com
Wed Nov 12 21:55:55 CET 2008
On Wednesday 12 November 2008 12:34:17 pm Wolfgang Denk wrote:
> Dear Phil,
>
> In message <200811100919.47924.pterry at vmetro.com> you wrote:
> > > > Yes, I mean the user keys. In a user-less system (i.e. everything
> > > > is root, which I suspect is quite common in DENX as in other embedded
> > > > linux systems), this doesn't work with the default permissions of 775
> > > > on /root.
>
> Note the permissions we were talking about: 0775 ...
>
> > > If the user is "root", then the files should go into the "/root/.ssh"
> > > directory.
> >
> > And they do but if /root is writable then you could delete/rename
> > /root/.ssh and replace it with your own directory and files etc. A great
> > big security hole and hence the directory containing .ssh must not be
> > world writable.
>
> Permission 0775 is *not* world writable, though.
Sorry, sloppy use. As far as ssh is concerned group write access is anyone
writable as now we don't have keys incontrovertibly tied to a single user
identity anymore.
>
> Best regards,
>
> Wolfgang Denk
More information about the eldk
mailing list