You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I have read the contributing guideline and understand that I have made the correct modifications
Description:
This PR changes how code-server manages files in the /config/.ssh directory on startup. Three scoped find commands replace the existing chown and enforces the correct file permission for directories, private keys, and public keys that may be present.
Benefits of this PR and context:
The .ssh can have other files in that directory which the current. Although it addresses unsafe permissions and satisfies the client, the current behavior over corrects what those permissions should be and potentially disrupt how that directory is organized.
mkdir -p temp-ssh/hi
touch temp-ssh/{hello,key.pub}
chmod 777 temp-ssh/*
ls -alth temp-ssh
# this will need to be stopped after it completes its startup
docker run --rm -v "$PWD/temp-ssh:/config/.ssh" -e "PUID=$(id -u)" -e "PGID=$(id -g)" lscr.io/linuxserver/code-server:latest
ls -alth temp-ssh
Subdirectories should remain user at least 700, public keys should have 644 permissions, and private keys 600.
PR looks excellent, thanks @markagonzales - just run into this issue myself and I'm currently working around it with custom-cont-init.d, but it'd be good to get this into a better state. @aptalca or @thespad (probably?) - could you review this? :D
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Description:
This PR changes how
code-servermanages files in the/config/.sshdirectory on startup. Three scoped find commands replace the existingchownand enforces the correct file permission for directories, private keys, and public keys that may be present.Benefits of this PR and context:
The
.sshcan have other files in that directory which the current. Although it addresses unsafe permissions and satisfies the client, the current behavior over corrects what those permissions should be and potentially disrupt how that directory is organized.How Has This Been Tested?
A nod to the recommendation to NOT mount into an existing mount path but for testing purposes...
Subdirectories should remain user at least 700, public keys should have 644 permissions, and private keys 600.
Source / References: