[Fusionforge-commits] FusionForge branch master updated. 5186520944eeb1cf3e40e5026c322909f9698a87

Sylvain Beucler beuc-inria at fusionforge.org
Wed Sep 17 11:08:51 CEST 2014

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, master has been updated
       via  5186520944eeb1cf3e40e5026c322909f9698a87 (commit)
      from  4608f7f28cc2e752132194591d7ae61c064f5092 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5186520944eeb1cf3e40e5026c322909f9698a87
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Wed Sep 17 11:08:26 2014 +0200

    Remove group write permissions on directories containing ssh_akc.php otherwise openssh considers this a security hazard

diff --git a/src/post-install.d/shell/shell.sh b/src/post-install.d/shell/shell.sh
index 918fecb..aae1356 100755
--- a/src/post-install.d/shell/shell.sh
+++ b/src/post-install.d/shell/shell.sh
@@ -150,6 +150,13 @@ configure_sshd()
     chown ${system_user_ssh_akc} \
 	$(forge_get_config config_path)/config.ini.d/post-install-secrets-ssh_akc.ini
+    # Fix "Unsafe AuthorizedKeysCommand: bad ownership or modes for directory /usr/local/share"
+    dir=$cmd
+    while [ "$dir" != '/' ]; do
+	dir=$(dirname $dir)
+	if [ -n "$(find $dir -maxdepth 0 -perm -g+w)" ]; then chmod g-w $dir; fi
+    done
     service $(forge_get_config ssh_service) restart


Summary of changes:
 src/post-install.d/shell/shell.sh |    7 +++++++
 1 file changed, 7 insertions(+)


More information about the Fusionforge-commits mailing list