diff options
| author | Jameson Graef Rollins <jrollins@finestructure.net> | 2009-07-11 16:00:22 -0400 |
|---|---|---|
| committer | Jameson Graef Rollins <jrollins@finestructure.net> | 2009-07-11 16:00:22 -0400 |
| commit | 134b8c66bec679556bec90c4eef937d464a7950e (patch) | |
| tree | 0ef4f5987de2b28a1309cb7809bbdff7a66bdd43 | |
| parent | eb815bce0da27a24ad718c31b77e45032e3a5916 (diff) | |
explicitly set MONKEYSPHERE_GROUP
The monkeysphere group is now determined from the system "groups"
command, and then MONKEYSPHERE_GROUP is explicitly set from this, and
then used when setting group ownership.
| -rwxr-xr-x | src/monkeysphere-authentication | 2 | ||||
| -rwxr-xr-x | src/monkeysphere-host | 2 | ||||
| -rw-r--r-- | src/share/ma/setup | 6 | ||||
| -rw-r--r-- | src/share/mh/add_revoker | 2 | ||||
| -rw-r--r-- | src/share/mh/publish_key | 2 |
5 files changed, 9 insertions, 5 deletions
diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 5b98153..0e6f986 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -120,6 +120,7 @@ LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL} KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER} CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER} MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER} +MONKEYSPHERE_GROUP=$(groups "$MONKEYSPHERE_USER" | cut -d: -f2 | awk '{ print $1 }') PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT} AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=$AUTHORIZED_USER_IDS} RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=$RAW_AUTHORIZED_KEYS} @@ -137,6 +138,7 @@ export MODE export LOG_LEVEL export KEYSERVER export MONKEYSPHERE_USER +export MONKEYSPHERE_GROUP export PROMPT export CHECK_KEYSERVER export REQUIRED_USER_KEY_CAPABILITY diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 507b47f..60b627a 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -226,6 +226,7 @@ LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL} KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER} CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER} MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER} +MONKEYSPHERE_GROUP=$(groups "$MONKEYSPHERE_USER" | cut -d: -f2 | awk '{ print $1 }') PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT} # other variables @@ -238,6 +239,7 @@ export LOG_LEVEL export KEYSERVER export CHECK_KEYSERVER export MONKEYSPHERE_USER +export MONKEYSPHERE_GROUP export PROMPT export GNUPGHOME_HOST export GNUPGHOME diff --git a/src/share/ma/setup b/src/share/ma/setup index 4c87009..0ed0406 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -16,10 +16,10 @@ setup() { log debug "checking authentication directory structure..." mkdir -p "${MADATADIR}" chmod 0750 "${MADATADIR}" - chgrp "$MONKEYSPHERE_USER" "${MADATADIR}" + chgrp "$MONKEYSPHERE_GROUP" "${MADATADIR}" mkdir -p "${MATMPDIR}" chmod 0750 "${MATMPDIR}" - chgrp "$MONKEYSPHERE_USER" "${MATMPDIR}" + chgrp "$MONKEYSPHERE_GROUP" "${MATMPDIR}" mkdir -p "${GNUPGHOME_CORE}" chmod 0700 "${GNUPGHOME_CORE}" mkdir -p "${GNUPGHOME_SPHERE}" @@ -48,7 +48,7 @@ EOF # make sure the monkeysphere user owns everything in the sphere # gnupghome log debug "fixing sphere gnupg home ownership..." - chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" "${GNUPGHOME_SPHERE}"/gpg.conf + chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_GROUP" "${GNUPGHOME_SPHERE}" "${GNUPGHOME_SPHERE}"/gpg.conf # get fingerprint of core key. this should be empty on unconfigured systems. local CORE_FPR=$(core_fingerprint) diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index 077b0d0..c83cb24 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -64,7 +64,7 @@ else # fix permissions and ownership on temporary directory which will # be used by monkeysphere user for storing the downloaded key chmod 0700 "$tmpDir" - chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$tmpDir" + chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$tmpDir" # download the key from the keyserver as the monkeysphere user log verbose "searching keyserver $KEYSERVER for keyID $keyID..." diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key index b0ffd93..ab1b2dc 100644 --- a/src/share/mh/publish_key +++ b/src/share/mh/publish_key @@ -29,7 +29,7 @@ fi # create a temporary gnupg directory from which to publish the key export GNUPGHOME=$(msmktempdir) chmod 0700 "$GNUPGHOME" -chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$GNUPGHOME" +chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$GNUPGHOME" # trap to remove tmp dir if break trap "rm -rf $GNUPGHOME" EXIT |