[PATCH] document evaluation of {Allow|Deny}{Users|Groups}

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



From: Christoph Anton Mitterer <mail@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>

• Document what the evaluation order of AllowUsers, DenyUsers, AllowGroups and
  DenyGroups actually means.
  Fixes bug #2292.

Signed-off-by: Christoph Anton Mitterer <mail@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
---
 sshd_config.5 | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/sshd_config.5 b/sshd_config.5
index fd44abe..a10b113 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -116,6 +116,8 @@ The allow/deny directives are processed in the following order:
 .Cm DenyGroups ,
 and finally
 .Cm AllowGroups .
+The first one that matches determines whether the login is allowed or
+denied, with the later processed directives being ignored.
 .Pp
 See PATTERNS in
 .Xr ssh_config 5
@@ -176,6 +178,8 @@ The allow/deny directives are processed in the following order:
 .Cm DenyGroups ,
 and finally
 .Cm AllowGroups .
+The first one that matches determines whether the login is allowed or
+denied, with the later processed directives being ignored.
 .Pp
 See PATTERNS in
 .Xr ssh_config 5
@@ -460,6 +464,8 @@ The allow/deny directives are processed in the following order:
 .Cm DenyGroups ,
 and finally
 .Cm AllowGroups .
+The first one that matches determines whether the login is allowed or
+denied, with the later processed directives being ignored.
 .Pp
 See PATTERNS in
 .Xr ssh_config 5
@@ -479,6 +485,8 @@ The allow/deny directives are processed in the following order:
 .Cm DenyGroups ,
 and finally
 .Cm AllowGroups .
+The first one that matches determines whether the login is allowed or
+denied, with the later processed directives being ignored.
 .Pp
 See PATTERNS in
 .Xr ssh_config 5
-- 
2.1.4

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev





[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux