automatic upgrade changed /home/olpc/.ssh permissions?

[nealmcb]

It looks like my G1G1 machine was automatically upgraded last night, though I don't remember any warning beforehand or notification afterwards. I'm now running build 656. I see some info at http://wiki.laptop.org/go/Update_streams

My first hint that something had changed was when I tried to ssh in to the machine, and I couldn't get in because it asked me for a password. Normally it uses my ssh rsa key, and there is no functioning password on the account.

I got in the Terminal activity, did an su, and checked in /var/log/secure and saw this:

Apr 3 21:52:31 localhost sshd[1703]: Authentication refused: bad ownership or modes for directory /home/olpc/.ssh

I think the modes were

drwxrwx--- 2 olpc olpc 0 2008-01-19 19:33 .ssh

I used "chmod g-rwx .ssh" to change them back to

drwx------ 2 olpc olpc 0 2008-01-19 19:33 .ssh

and I could log in via my ssh authorized_keys after that.

Now, using

ls -lcd .??*/

I see that all my other hidden directories in $HOME now have mode 770, with an inode mod date from last night, which seems odd. E.g.

drwxrwx--- 2 olpc olpc 0 2008-04-03 21:49 .gconf/

Is some upgrade script fouling things up?

[cscott]

Michael, do you know if olpc-configure might have done this?

[mstone]

This is a duplicate of #5320: SSH gets upset when (mode($HOME/.ssh) & 0077) > 1) AND olpc-configure in official-656 assigns mode 0770 to almost all directories in /home/olpc. The bug is avoided in Update.1 (official-703), where olpc-configure special cases /home/olpc/.ssh.

[mstone]

Incidentally, olpc-configure lives here in olpc-utils. If you're curious about what's going on, check out update_home_permissions() in v0.48.2 (which is the version in 656) and v0.68 (which is the version in 703).

[gregorio]

Milestone Never Assigned deleted