authorized_keys files appear to need to be readable by the user logging in.

author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2008-06-23 19:09:25 -0400
committer: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2008-06-23 19:09:25 -0400
commit: 0fac6a0db5524d6b9824ef205bdd809ad762fd32 (patch)
tree: d1e4df7e5cd6dcca130f1ad0f399751a0c3e8fe6
parent: 438d1fa8881a1f8359b5e91932bf42addefbffca (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 11e593b..35e0096 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -231,6 +231,13 @@ case $COMMAND in
 		fi
 	    fi
 
+            # openssh appears to check the contents of the
+            # authorized_keys file as the user in question, so the file
+            # must be readable by that user at least.
+            # FIXME: is there a better way to do this?
+            chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS"
+            chmod g+r "$AUTHORIZED_KEYS"
+
 	    # move the temp authorized_keys file into place
 	    mv -f "$AUTHORIZED_KEYS" "${CACHE}/authorized_keys/${uname}"
author	Daniel Kahn Gillmor <dkg@fifthhorseman.net>	2008-06-23 19:09:25 -0400
committer	Daniel Kahn Gillmor <dkg@fifthhorseman.net>	2008-06-23 19:09:25 -0400
commit	0fac6a0db5524d6b9824ef205bdd809ad762fd32 (patch)
tree	d1e4df7e5cd6dcca130f1ad0f399751a0c3e8fe6
parent	438d1fa8881a1f8359b5e91932bf42addefbffca (diff)