[Apparmor-general] Overly tight subdomain profile broke my SSH key
Michael James
Michael.James at csiro.au
Sun Mar 25 20:42:27 MDT 2007
The profile in /etc/subdomain.d/program-chunks/user-ssh-keys
won't work for home directories anywhere but /home/<user>
So if you use the /home/<group>/<user>/ location for home dirs,
subdomain will deny r access to ~/.ssh/authorized_keys
and automatic logins won't work.
IMHO the profile should be amended from:
/home/*/.ssh/authorized_keys{,2} r,
to:
/home/**/.ssh/authorized_keys{,2} r,
The extra * seems (I tested it but haven't read the doco)
to allow any number of intervening directories.
Is this the correct forum so submit this suggestion?
michaelj
--
Michael James michael.james at csiro.au
System Administrator voice: 02 6246 5040
CSIRO Bioinformatics Facility fax: 02 6246 5166
No matter how much you pay for software,
you always get less than you hoped.
Unless you pay nothing, then you get more.
More information about the Apparmor-general
mailing list