From: Colin Walters Date: Thu, 14 Dec 2023 00:58:31 +0000 (-0500) Subject: docs/CREDENTIALS: Don't write authorized_keys with executable bits X-Git-Tag: v256-rc1~1493 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=47374e06014c5ef7de123607630e2094f3863b81;p=thirdparty%2Fsystemd.git docs/CREDENTIALS: Don't write authorized_keys with executable bits No reason to make this file executable. --- diff --git a/docs/CREDENTIALS.md b/docs/CREDENTIALS.md index f508c84f4c6..153a42be547 100644 --- a/docs/CREDENTIALS.md +++ b/docs/CREDENTIALS.md @@ -455,7 +455,7 @@ qemu-system-x86_64 \ -device scsi-hd,drive=hd,bootindex=1 \ -device vhost-vsock-pci,id=vhost-vsock-pci0,guest-cid=42 \ -smbios type=11,value=io.systemd.credential:vmm.notify_socket=vsock:2:1234 \ - -smbios type=11,value=io.systemd.credential.binary:tmpfiles.extra=$(echo "f~ /root/.ssh/authorized_keys 700 root root - $(ssh-add -L | base64 -w 0)" | base64 -w 0) + -smbios type=11,value=io.systemd.credential.binary:tmpfiles.extra=$(echo "f~ /root/.ssh/authorized_keys 600 root root - $(ssh-add -L | base64 -w 0)" | base64 -w 0) ``` A process on the host can listen for the notification, for example:
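Review bot: In the changed `tmpfiles.extra=` line the mode is written as `600`; consider `0600`, the four-digit octal form that tmpfiles.d examples normally use, so the field cannot be misread. The same line only sets permissions on the file itself: `/root/.ssh` has no entry of its own, so its mode is left to whatever creates it. If the example is meant to stand as a complete setup, a `d /root/.ssh 0700 root root -` line ahead of the `f~` line would make the directory permissions explicit as well. The commit message could also state that only the execute bit is dropped and that owner-only read/write access is unchanged.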