[Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

[Scott Moser]

This bug is believed to be fixed in cloud-init in 17.1. If this is still
a problem for you, please make a comment and set the state back to New

Thank you.

** Changed in: cloud-init
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

[Launchpad Bug Tracker]

This bug was fixed in the package cloud-init -
0.7.9-113-g513e99e0-0ubuntu1~17.04.1

---
cloud-init (0.7.9-113-g513e99e0-0ubuntu1~17.04.1) zesty; urgency=medium

  * debian/update-grub-legacy-ec2: fix early exit failure no /etc/fstab
file. (LP: #1682160)
  * New upstream snapshot.
- nova-lxd: read product_name from environment, not platform.
  (LP: #1685810)
- Fix yum repo config where keys contain array values [Dylan Perry]
- template: Update debian backports template [Joshua Powers]
- rsyslog: replace ~ with stop [Joshua Powers] (LP: #1367899)
- Doc: add additional RTD examples [Joshua Powers]
- Fix growpart for some cases when booted with root=PARTUUID.
  (LP: #1684869)
- pylint: update output style to parseable [Joshua Powers]
- pylint: fix all logging warnings [Joshua Powers]
- CloudStack: Add NetworkManager to list of supported DHCP lease dirs.
  [Syed Mushtaq Ahmed]
- net: kernel lies about vlans not stealing mac addresses, when they do
  [Dimitri John Ledkov] (LP: #1682871)
- ds-identify: Check correct path for "latest" config drive
  [Daniel Watkins] (LP: #1673637)
- doc: Fix example for resolv.conf configuration.  [Jon Grimm]
- Fix examples that reference upstream chef repository.  [Jon Grimm]
- doc: correct grammar and improve clarity in merging documentation.
  [David Tagatac]
- doc: Add missing doc link to snap-config module. [Ryan Harper]
- snap: allows for creating cloud-init snap [Joshua Powers]
- DigitalOcean: assign IPv4ll address to lowest indexed interface.
  [Ben Howard] (LP: #1676908)
- DigitalOcean: configure all NICs presented in meta-data.
  [Ben Howard] (LP: #1676908)
- Remove (and/or fix) URL shortener references [Jon Grimm]
- HACKING.rst: more info on filling out contributors agreement.
- util: teach write_file about copy_mode option
  [Lars Kellogg-Stedman] (LP: #1644064)
- DigitalOcean: bind resolvers to loopback interface.
  [Ben Howard] (LP: #1676908)
- tests: fix AltCloud tests to not rely on blkid (LP: #1636531)

 -- Scott Moser   Thu, 27 Apr 2017 15:09:31 -0400

** Changed in: cloud-init (Ubuntu Zesty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

[Launchpad Bug Tracker]

This bug was fixed in the package cloud-init -
0.7.9-113-g513e99e0-0ubuntu1~16.10.1

---
cloud-init (0.7.9-113-g513e99e0-0ubuntu1~16.10.1) yakkety; urgency=medium

  * debian/update-grub-legacy-ec2: fix early exit failure no /etc/fstab
file. (LP: #1682160)
  * New upstream snapshot.
- nova-lxd: read product_name from environment, not platform.
  (LP: #1685810)
- Fix yum repo config where keys contain array values [Dylan Perry]
- template: Update debian backports template [Joshua Powers]
- rsyslog: replace ~ with stop [Joshua Powers] (LP: #1367899)
- Doc: add additional RTD examples [Joshua Powers]
- Fix growpart for some cases when booted with root=PARTUUID.
  (LP: #1684869)
- pylint: update output style to parseable [Joshua Powers]
- pylint: fix all logging warnings [Joshua Powers]
- CloudStack: Add NetworkManager to list of supported DHCP lease dirs.
  [Syed Mushtaq Ahmed]
- net: kernel lies about vlans not stealing mac addresses, when they do
  [Dimitri John Ledkov] (LP: #1682871)
- ds-identify: Check correct path for "latest" config drive
  [Daniel Watkins] (LP: #1673637)
- doc: Fix example for resolv.conf configuration.  [Jon Grimm]
- Fix examples that reference upstream chef repository.  [Jon Grimm]
- doc: correct grammar and improve clarity in merging documentation.
  [David Tagatac]
- doc: Add missing doc link to snap-config module. [Ryan Harper]
- snap: allows for creating cloud-init snap [Joshua Powers]
- DigitalOcean: assign IPv4ll address to lowest indexed interface.
  [Ben Howard] (LP: #1676908)
- DigitalOcean: configure all NICs presented in meta-data.
  [Ben Howard] (LP: #1676908)
- Remove (and/or fix) URL shortener references [Jon Grimm]
- HACKING.rst: more info on filling out contributors agreement.
- util: teach write_file about copy_mode option
  [Lars Kellogg-Stedman] (LP: #1644064)
- DigitalOcean: bind resolvers to loopback interface.
  [Ben Howard] (LP: #1676908)
- tests: fix AltCloud tests to not rely on blkid (LP: #1636531)

 -- Scott Moser   Thu, 27 Apr 2017 13:38:40 -0400

** Changed in: cloud-init (Ubuntu Yakkety)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

[Launchpad Bug Tracker]

This bug was fixed in the package cloud-init -
0.7.9-113-g513e99e0-0ubuntu1~16.04.1

---
cloud-init (0.7.9-113-g513e99e0-0ubuntu1~16.04.1) xenial-proposed; 
urgency=medium

  * debian/update-grub-legacy-ec2: fix early exit failure no /etc/fstab
file. (LP: #1682160)
  * New upstream snapshot.
- nova-lxd: read product_name from environment, not platform.
  (LP: #1685810)
- Fix yum repo config where keys contain array values [Dylan Perry]
- template: Update debian backports template [Joshua Powers]
- rsyslog: replace ~ with stop [Joshua Powers] (LP: #1367899)
- Doc: add additional RTD examples [Joshua Powers]
- Fix growpart for some cases when booted with root=PARTUUID.
  (LP: #1684869)
- pylint: update output style to parseable [Joshua Powers]
- pylint: fix all logging warnings [Joshua Powers]
- CloudStack: Add NetworkManager to list of supported DHCP lease dirs.
  [Syed Mushtaq Ahmed]
- net: kernel lies about vlans not stealing mac addresses, when they do
  [Dimitri John Ledkov] (LP: #1682871)
- ds-identify: Check correct path for "latest" config drive
  [Daniel Watkins] (LP: #1673637)
- doc: Fix example for resolv.conf configuration.  [Jon Grimm]
- Fix examples that reference upstream chef repository.  [Jon Grimm]
- doc: correct grammar and improve clarity in merging documentation.
  [David Tagatac]
- doc: Add missing doc link to snap-config module. [Ryan Harper]
- snap: allows for creating cloud-init snap [Joshua Powers]
- DigitalOcean: assign IPv4ll address to lowest indexed interface.
  [Ben Howard] (LP: #1676908)
- DigitalOcean: configure all NICs presented in meta-data.
  [Ben Howard] (LP: #1676908)
- Remove (and/or fix) URL shortener references [Jon Grimm]
- HACKING.rst: more info on filling out contributors agreement.
- util: teach write_file about copy_mode option
  [Lars Kellogg-Stedman] (LP: #1644064)
- DigitalOcean: bind resolvers to loopback interface.
  [Ben Howard] (LP: #1676908)
- tests: fix AltCloud tests to not rely on blkid (LP: #1636531)

 -- Scott Moser   Thu, 27 Apr 2017 12:51:04 -0400

** Changed in: cloud-init (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

[Chad Smith]

Validated yakkety and zesty---

cat config.yml 
#cloud-config
ssh_pwauth: true
for release in yakkety zesty; do ref=$release-proposed; lxc init $ref $name; 
lxc file pull $name/etc/ssh/sshd_config .; ls -l sshd_config; chmod 600 
sshd_config; lxc file push sshd_config $name/etc/ssh/sshd_config; lxc config 
set $name user.user-data - < config.yml; lxc start $name; sleep 10; lxc exec 
$name -- ls -ltr /etc/ssh/sshd_config; lxc exec $name -- dpkg -l cloud-init; 
lxc exec $name -- grep VERSION= /etc/os-release; lxc stop $name; lxc delete 
$name; done;
Creating proposed-test
-rw-r--r-- 1 csmith csmith 2506 May 12 13:34 sshd_config
-rw--- 1 ubuntu ubuntu 2506 May 12 19:34 /etc/ssh/sshd_config
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name   Version  Architecture Description
+++-==---=
ii  cloud-init 0.7.9-113-g5 all  Init scripts for cloud instances
VERSION="16.10 (Yakkety Yak)"
Creating proposed-test
-rw-r--r-- 1 csmith csmith 3296 May 12 13:35 sshd_config
-rw--- 1 ubuntu ubuntu 3296 May 12 19:35 /etc/ssh/sshd_config
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name   Version  Architecture Description
+++-==---=
ii  cloud-init 0.7.9-113-g5 all  Init scripts for cloud instances
VERSION="17.04 (Zesty Zapus)"


** Tags removed: verification-needed
** Tags added: verification-done-yakkety verification-done-zesty

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

[Chad Smith]

Verified xenial keeps sshd_config perms:

$ name=test-proposed
$ release=xenial
$ ref=$release-proposed
$ ./lxc-proposed-snapshot --proposed --publish $release $ref
$ lxc init $ref $name
$ lxc init $ref $name
Creating test-proposed
$ lxc file pull $name/etc/ssh/sshd_config .
$ ls -ltr sshd_config 
-rw-r--r-- 1 csmith csmith 2540 May 11 14:54 sshd_config
$ chmod 600 sshd_config 
$ ls -ltr sshd_config 
-rw--- 1 csmith csmith 2540 May 11 14:54 sshd_config
$ lxc file push sshd_config $name/etc/ssh/sshd_config;
$ cat config.yml 
#cloud-config
ssh_pwauth: true
$  lxc config set $name user.user-data - < config.yml;
$ lxc start $name
$ sleep 10
$ lxc exec $name -- ls -ltr /etc/ssh/sshd_config
-rw--- 1 ubuntu ubuntu 2540 May 11 20:55 /etc/ssh/sshd_config
$ lxc exec $name -- dpkg -l cloud-init
...
ii  cloud-init 0.7.9-113-g5 all  Init scripts for cloud instances


** Description changed:

  === Begin SRU Template ===
  [Impact]
  Existing security permissions on /etc/ssh/sshd_config file are not honored.
  
  [Test Case]
  
  wget 
https://git.launchpad.net/~smoser/cloud-init/+git/sru-info/plain/bin/lxc-proposed-snapshot
  chmod 755 lxc-proposed-snapshot
  
- 
  # create config.yaml
  cat config.yaml
  #cloud-config
  ssh_pwauth: true
  
  name=proposed-test
  for release in xenial yakkety zesty; do \
-  ref=$release-proposed;
-  lxc-proposed-snapshot --proposed --publish $release $ref;
-  lxc init $ref $name;
-  lxc start $name;
-  sleep 10;
-  lxc file pull $name/etc/ssh/sshd_config .;
-  chmod 600 sshd_config;
-  lxc file push sshd_config $name/etc/ssh/sshd_config;
-  lxc config set $name user.user-data - < config.yml;
-  lxc start;
-  sleep 10;
-  lxc exec $name ls -ltr /etc/ssh/sshd_config;  # should remain 600
-  lxc stop $name;
-  lxc delete $name;
+  ref=$release-proposed;
+  lxc-proposed-snapshot --proposed --publish $release $ref;
+  lxc init $ref $name;
+  lxc file pull $name/etc/ssh/sshd_config .;
+  chmod 600 sshd_config;
+  lxc file push sshd_config $name/etc/ssh/sshd_config;
+  lxc config set $name user.user-data - < config.yml;
+  lxc start;
+  sleep 10;
+  lxc exec $name ls -ltr /etc/ssh/sshd_config;  # should remain 600
+  lxc stop $name;
+  lxc delete $name;
  done
  
  [Regression Potential]
  Minimal as we are now honoring file permissions if an sshd_config file exists.
  
  [Other Info]
  
  === End SRU Template ===
  
- 
- In my deploy image, the default permission of sshd_config file is 600. It 
always be changed to 644 after cloud-init run. After debug, it is caused by 
cloud-config item:
+ In my deploy image, the default permission of sshd_config file is 600.
+ It always be changed to 644 after cloud-init run. After debug, it is
+ caused by cloud-config item:
  
  ssh_pwauth: true
  
  The related code is:
  
  lines = [str(l) for l in new_lines]
  util.write_file(ssh_util.DEF_SSHD_CFG, "\n".join(lines))
  of file cc_set_passwords.py.
  
  write_file function use default mask 644 to write sshd_config. So my
  file permission changed.
  
  It shall be enhanced to read old sshd_config permission and write new
  sshd_config with old permission to avoid security issue.

** Tags added: verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

[Steve Langasek]

Hello GUO, or anyone else affected,

Accepted cloud-init into zesty-proposed. The package will build now and
be available at https://launchpad.net/ubuntu/+source/cloud-
init/0.7.9-113-g513e99e0-0ubuntu1~17.04.1 in a few hours, and then in
the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: cloud-init (Ubuntu Zesty)
   Status: Confirmed => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

[Steve Langasek]

Hello GUO, or anyone else affected,

Accepted cloud-init into yakkety-proposed. The package will build now
and be available at https://launchpad.net/ubuntu/+source/cloud-
init/0.7.9-113-g513e99e0-0ubuntu1~16.10.1 in a few hours, and then in
the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: cloud-init (Ubuntu Yakkety)
   Status: Confirmed => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

[Steve Langasek]

Hello GUO, or anyone else affected,

Accepted cloud-init into xenial-proposed. The package will build now and
be available at https://launchpad.net/ubuntu/+source/cloud-
init/0.7.9-113-g513e99e0-0ubuntu1~16.04.1 in a few hours, and then in
the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: cloud-init (Ubuntu Xenial)
   Status: Confirmed => Fix Committed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

[Scott Moser]

** Also affects: cloud-init (Ubuntu Zesty)
   Importance: Undecided
   Status: New

** Also affects: cloud-init (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Also affects: cloud-init (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: cloud-init (Ubuntu Xenial)
   Status: New => Confirmed

** Changed in: cloud-init (Ubuntu Yakkety)
   Status: New => Confirmed

** Changed in: cloud-init (Ubuntu Zesty)
   Status: New => Confirmed

** Changed in: cloud-init (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: cloud-init (Ubuntu Yakkety)
   Importance: Undecided => Medium

** Changed in: cloud-init (Ubuntu Zesty)
   Importance: Undecided => Medium

** Changed in: cloud-init (Ubuntu Artful)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

[Chad Smith]

** Description changed:

- In my deploy image, the default permission of sshd_config file is 600.
- It always be changed to 644 after cloud-init run. After debug, it is
- caused by cloud-config item:
+ === Begin SRU Template ===
+ [Impact]
+ Existing security permissions on /etc/ssh/sshd_config file are not honored.
+ 
+ [Test Case]
+ 
+ wget 
https://git.launchpad.net/~smoser/cloud-init/+git/sru-info/plain/bin/lxc-proposed-snapshot
+ chmod 755 lxc-proposed-snapshot
+ 
+ 
+ # create config.yaml
+ cat config.yaml
+ #cloud-config
+ ssh_pwauth: true
+ 
+ name=proposed-test
+ for release in xenial yakkety zesty; do \
+  ref=$release-proposed;
+  lxc-proposed-snapshot --proposed --publish $release $ref;
+  lxc init $ref $name;
+  lxc start $name;
+  sleep 10;
+  lxc file pull $name/etc/ssh/sshd_config .;
+  chmod 600 sshd_config;
+  lxc file push sshd_config $name/etc/ssh/sshd_config;
+  lxc config set $name user.user-data - < config.yml;
+  lxc start;
+  sleep 10;
+  lxc exec $name ls -ltr /etc/ssh/sshd_config;  # should remain 600
+  lxc stop $name;
+  lxc delete $name;
+ done
+ 
+ [Regression Potential]
+ Minimal as we are now honoring file permissions if an sshd_config file exists.
+ 
+ [Other Info]
+ 
+ === End SRU Template ===
+ 
+ 
+ In my deploy image, the default permission of sshd_config file is 600. It 
always be changed to 644 after cloud-init run. After debug, it is caused by 
cloud-config item:
  
  ssh_pwauth: true
  
  The related code is:
  
- lines = [str(l) for l in new_lines]
- util.write_file(ssh_util.DEF_SSHD_CFG, "\n".join(lines))
+ lines = [str(l) for l in new_lines]
+ util.write_file(ssh_util.DEF_SSHD_CFG, "\n".join(lines))
  of file cc_set_passwords.py.
  
  write_file function use default mask 644 to write sshd_config. So my
  file permission changed.
  
  It shall be enhanced to read old sshd_config permission and write new
  sshd_config with old permission to avoid security issue.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

[Scott Moser]

Fixed in 721348a622a660b65acfdf7fdf53203b47f80748

** Changed in: cloud-init
   Importance: Undecided => Medium

** Changed in: cloud-init
   Status: New => Fix Committed

** Changed in: cloud-init
 Assignee: (unassigned) => Lars Kellogg-Stedman (larsks)

** Also affects: cloud-init (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Changed in: cloud-init (Ubuntu Artful)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

[Chad Smith]

** Also affects: cloud-init (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs