On Thu, Jun 23, 2011 at 06:00:11PM +0100, Martijn Koster wrote:
On 23 Jun 2011, at 17:06, Chris G wrote:
I don't really understand the reason for it either.
The reason is that if someone else in your group has write permission to your $HOME, they can create a new .ssh directory, and replace yours with it, and then trick you to get into the wrong hosts, or as the wrong user, or divulge your password, or expose your keys. Or they could mess with say your .bashrc.
On systems where you have per-user-groups (i.e. have the group name as your user name), that's not a problem, because there are no others in your group. On other systems, where your group may be for example "staff", that is a problem.
OK, so there is a risk on multi-user systems, I want to do this on a non multi-user system.
I only want group write set on one particular user, can anyone suggest a way to allow ssh public-key login to that user?
I'm not quite sure what you're asking here.
Can't you just remove group writability on the directory?
No, because I want to actually *use* the ability for two users (well, two different versions of me) to write to a single directory hierarchy.
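An added example, not part of the thread: a Python audit of the condition discussed above. It flags group or world write on $HOME, .ssh and authorized_keys, and rates group write by whether anyone else is in the owning group (the per-user-group case versus the shared "staff" case). The function names, the risk labels and the sample users alice and bob are assumptions of this example.

```python
import grp, os, pwd, stat, tempfile

def members_of(gid):
    """Users in group gid: listed members plus anyone with it as primary group."""
    try:
        names = set(grp.getgrgid(gid).gr_mem)
    except KeyError:          # gid has no entry in the group database
        names = set()
    names.update(p.pw_name for p in pwd.getpwall() if p.pw_gid == gid)
    return names

def audit_home(home, user, group_members):
    """Return (path, issue, risk) for home, .ssh and authorized_keys.

    Risk labels are this example's own: group write is 'high' only when the
    group has members other than `user` (the shared 'staff' case)."""
    shared = sorted(set(group_members) - {user})
    findings = []
    for rel in ("", ".ssh", os.path.join(".ssh", "authorized_keys")):
        path = os.path.join(home, rel) if rel else home
        if not os.path.exists(path):
            continue
        mode = os.stat(path).st_mode
        if mode & stat.S_IWOTH:
            findings.append((path, "world-writable", "high"))
        if mode & stat.S_IWGRP:
            findings.append((path, "group-writable", "high" if shared else "low"))
    return findings

def demo():
    """Constructed sample: a throwaway home tree with group write on $HOME."""
    home = tempfile.mkdtemp()
    os.mkdir(os.path.join(home, ".ssh"))
    os.chmod(os.path.join(home, ".ssh"), 0o700)
    os.chmod(home, 0o775)
    per_user = audit_home(home, "alice", {"alice"})        # per-user group
    staff = audit_home(home, "alice", {"alice", "bob"})    # shared group
    return home, per_user, staff

if __name__ == "__main__":
    home, per_user, staff = demo()
    print("per-user group:", per_user)
    print("shared group:  ", staff)
```

On a real account, pass `members_of(os.stat(home).st_gid)` as the third argument so the rating reflects the actual group membership.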