yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Chad Smith <1644064@xxxxxxxxxxxxxxxxxx>
Date: Fri, 28 Apr 2017 15:47:49 -0000
Reply-to: Bug 1644064 <1644064@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: cloud-init (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

Status in cloud-init:
  New
Status in cloud-init package in Ubuntu:
  New

Bug description:
  In my deploy image, the default permission of sshd_config file is 600.
  It always be changed to 644 after cloud-init run. After debug, it is
  caused by cloud-config item:

  ssh_pwauth: true

  The related code is:

          lines = [str(l) for l in new_lines]
          util.write_file(ssh_util.DEF_SSHD_CFG, "\n".join(lines))
  of file cc_set_passwords.py.

  write_file function use default mask 644 to write sshd_config. So my
  file permission changed.

  It shall be enhanced to read old sshd_config permission and write new
  sshd_config with old permission to avoid security issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions

References

[Bug 1644064] [NEW] sshd_config file permission changed to 644 if ssh_pwauth value is true or false
From: GUO Larry, 2016-11-23