On Jun 19, 2012 10:07 AM, "Jayson Vaughn" <vaughn.jay...@gmail.com> wrote: > > > On Jun 19, 2012 8:46 AM, "Neal Becker" <ndbeck...@gmail.com> wrote: > > > > Jayson Vaughn wrote: > > > > > I'm confused. As long as ~/.ssh is 700 it works for me. > > > On Jun 19, 2012 8:02 AM, "Neal Becker" <ndbeck...@gmail.com> wrote: > > > > > >> It's been true for a long time that fedora sets up home dir as 775. > > >> But ssh, with default settings, won't allow public keys to work when > > >> home dir has mode 775. > > >> > > >> Not only, but the poor new fedora user, who tries to ssh into his fedora > > >> box, won't see any message indicating what is wrong. Only if he/she can > > >> be root and read var/log/secure they may learn the reason. > > >> > > >> This is rediculous. I liked the idea of 775 when it was introduced, since > > >> it > > >> did solve an annoyance with the old unix groups. But then we should make > > >> the > > >> default fedora install work by setting the sshd config to allow it to > > >> accept > > >> this setup. > > >> > > >> -- > > >> devel mailing list > > >> devel@lists.fedoraproject.org > > >> https://admin.fedoraproject.org/mailman/listinfo/devel > > > > Are you sure?? > > > > ls -ld .ssh > > drwx------. 2 nbecker nbecker 4096 Jun 15 08:25 .ssh > > > > ls -ld ~/ > > drwxrwxr-x. 67 nbecker nbecker 4096 Jun 19 06:54 /home/nbecker/ > > > > Jun 19 09:44:41 nbecker5 sshd[25418]: Authentication refused: bad ownership or > > modes for directory /home/nbecker > > > > > > -- > > devel mailing list > > devel@lists.fedoraproject.org > > https://admin.fedoraproject.org/mailman/listinfo/devel > > Well, yes it works for me however my home directories are not created with 775 permissions by default. Everytime I use "useradd" the home directory is created as 700 - as it should be. > > Your home directories are created with permissions 775 by default?
What is your UMASK value in /etc/login.defs? It should be 077, which creates the home directories as 700.
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
