relies on group permissions for authorized_keys file
14:47 < vagrantc> do the permissions on /var/lib/monkeysphere/authorized_keys file depend on the user being in their own group to prevent others from seeing which keys are authorized?
14:48 < vagrantc> it's not uncommon for network based authentication setups to have a shared primary group for all users...
14:48 < vagrantc> or classes of users
14:50 <@dkg> vagrantc: hrm, yes, that's true.
14:51 <@dkg> i personally really don't like shared groups as primary groups
14:51 <@dkg> but you're right that it ends up being potentially problematic here.
14:51 <@dkg> another implementation option would be to use acls on those files
14:51 <@dkg> but that requires acls enabled on /var
14:52 <@dkg> which i suspect many folks don't have
14:53 <@dkg> vagrantc: if you offered a patch that would try setfacl on those files, and fall back to chgrping them if setfacl either isn't available or doesn't work, i'd be happy to fold that in.
14:53 <@dkg> then admins who want that special case have the option of mounting /var with the acl option and installing the acl package on their system
14:54 < vagrantc> dkg: it's not a use-case i use personally, but have seen the issue with many LTSP installs, and figured it was worth mentioning.
14:54 <@dkg> yup.
14:54 <@dkg> if you don't feel like writing a patch, could you at least open an issue in the monkeysphere tracker with the above exchange?
14:54 <@dkg> i agree it's worth considering
(from redmine: created on 2010-10-01)