Re: time to fix silly ssh bug


 




On Jun 19, 2012 10:07 AM, "Jayson Vaughn" <vaughn.jayson@xxxxxxxxx> wrote:
>
>
> On Jun 19, 2012 8:46 AM, "Neal Becker" <ndbecker2@xxxxxxxxx> wrote:
> >
> > Jayson Vaughn wrote:
> >
> > > I'm confused.  As long as ~/.ssh is 700 it works for me.
> > > On Jun 19, 2012 8:02 AM, "Neal Becker" <ndbecker2@xxxxxxxxx> wrote:
> > >
> > >> It's been true for a long time that Fedora sets up home dir as 775.
> > >> But ssh, with default settings, won't allow public keys to work when
> > >> home dir has mode 775.
> > >>
> > >> Not only, but the poor new Fedora user, who tries to ssh into his Fedora
> > >> box, won't see any message indicating what is wrong.  Only if he/she can
> > >> be root and read var/log/secure they may learn the reason.
> > >>
> > >> This is ridiculous.  I liked the idea of 775 when it was introduced, since
> > >> it did solve an annoyance with the old unix groups.  But then we should
> > >> make the default Fedora install work by setting the sshd config to allow
> > >> it to accept this setup.
> > >>
> > >> --
> > >> devel mailing list
> > >> devel@xxxxxxxxxxxxxxxxxxxxxxx
> > >> https://admin.fedoraproject.org/mailman/listinfo/devel
> >
> > Are you sure??
> >
> > ls -ld .ssh
> > drwx------. 2 nbecker nbecker 4096 Jun 15 08:25 .ssh
> >
> > ls -ld ~/
> > drwxrwxr-x. 67 nbecker nbecker 4096 Jun 19 06:54 /home/nbecker/
> >
> > Jun 19 09:44:41 nbecker5 sshd[25418]: Authentication refused: bad ownership or
> > modes for directory /home/nbecker
> >
> >
>
> Well, yes it works for me however my home directories are not created with 775 permissions by default.  Every time I use "useradd" the home directory is created as 700 - as it should be.
>
> Your home directories are created with permissions 775 by default?

What is your UMASK value in /etc/login.defs?  It should be 077, which creates the home directories as 700.

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
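
An added example, not part of the original thread and not OpenSSH's own code: a simplified Python approximation of the ownership and mode check behind the "bad ownership or modes for directory" log line quoted above, run against a constructed temporary home directory at mode 775. It assumes the default `.ssh/authorized_keys` location and that the check rejects any path not owned by the user or root, or writable by group or others; the function names are hypothetical.

```python
import os
import stat
import tempfile

def path_problem(path, uid):
    """Return a reason string if path would fail the check, else None."""
    st = os.stat(path)
    if st.st_uid not in (0, uid):
        return "owned by uid %d, expected %d or root" % (st.st_uid, uid)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "mode %03o is group- or world-writable" % stat.S_IMODE(st.st_mode)
    return None

def audit_key_path(home, uid, keyfile=".ssh/authorized_keys"):
    """Check keyfile and every directory from it up to and including home."""
    home = os.path.realpath(home)
    current = os.path.realpath(os.path.join(home, keyfile))
    findings = []
    while True:
        if os.path.exists(current):
            reason = path_problem(current, uid)
            if reason:
                findings.append((current, reason))
        if current == home or os.path.dirname(current) == current:
            break
        current = os.path.dirname(current)
    return findings

def demo():
    """Constructed sample: home at 775 as in the thread, ~/.ssh at 700."""
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir, 0o700)
        keys = os.path.join(ssh_dir, "authorized_keys")
        with open(keys, "w") as fh:
            fh.write("ssh-ed25519 AAAA... constructed-placeholder\n")
        os.chmod(keys, 0o600)
        os.chmod(home, 0o775)   # group-writable home: expected to be flagged
        before = audit_key_path(home, os.getuid())
        os.chmod(home, 0o755)   # group write bit removed: expected to pass
        after = audit_key_path(home, os.getuid())
        return before, after

if __name__ == "__main__":
    before, after = demo()
    for path, reason in before:
        print("would be refused: %s (%s)" % (path, reason))
    print("after chmod 755: %d finding(s)" % len(after))
```

Running `audit_key_path(os.path.expanduser("~"), os.getuid())` as the affected user shows the offending path without needing root access to the sshd log.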
