On Sat, May 15, 2010 at 11:58:50AM -0400, Joey Hess wrote:
> Colin Watson wrote:
> > Are you sure you aren't a member of group games?
>
> I am not a member of games. The games user, though, is, via /etc/passwd.
> Not via /etc/group.
>
> j...@gnu:~>getent group games
> games:x:60:
> j...@gnu:~>getent passwd games
> games:x:5:60:games:/usr/games:/bin/sh
> j...@gnu:~>sudo -u games id
> uid=5(games) gid=60(games) groups=60(games)
>
> Shouldn't the passwd group membership also be checked?

Ah, fair point, I was only checking supplementary groups. I'll fix that,
thanks.

> > A zero-member group, or any random group containing only the user,
> > should clearly be fine in my book because the ownership of ~/.ssh/config
> > by that group doesn't permit any other user to write to the file.
>
> I think that zero-member groups are typically used by sgid binaries,
> so assuming no one else can access them is not entirely safe.

You've persuaded me. The next upload of openssh will only permit groups
with exactly one member.

--
Colin Watson [cjwat...@debian.org]
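
The membership check discussed in this message, as an added example that is not part of the original mail and is not OpenSSH's code: a group's effective members are the union of its /etc/group member list and every user whose passwd entry names it as primary group. The function names, the `joey` and `sgidtool` entries, and the requirement that the sole member be the file's owner are assumptions made for the illustration; the `games` lines are the getent output quoted above.

```python
import stat

# Constructed sample databases. The "games" lines are the getent output
# quoted in the thread; the "joey" and "sgidtool" lines are made up.
PASSWD = """\
games:x:5:60:games:/usr/games:/bin/sh
joey:x:1000:1000:Joey:/home/joey:/bin/sh
"""
GROUP = """\
games:x:60:
joey:x:1000:
sgidtool:x:61:
"""

def group_members(gid, passwd_text, group_text):
    """Users in gid via the group member list OR via their passwd primary gid."""
    members = set()
    for line in group_text.splitlines():
        _name, _pw, g, mem = line.split(":")
        if int(g) == gid:
            # Supplementary membership: comma-separated list, possibly empty.
            members.update(m for m in mem.split(",") if m)
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if int(fields[3]) == gid:
            # Primary membership: invisible in "getent group" output.
            members.add(fields[0])
    return members

def group_write_ok(mode, owner, gid, passwd_text=PASSWD, group_text=GROUP):
    """Accept group write only when the group's sole member is the owner."""
    if not mode & stat.S_IWGRP:
        return True  # not group-writable, so group membership is irrelevant
    # Zero-member groups are rejected too (they may back sgid binaries).
    return group_members(gid, passwd_text, group_text) == {owner}
```

Checking only the member list would report group 60 as empty; the passwd pass is what finds the `games` user.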