authorJameson Graef Rollins <jrollins@finestructure.net>2009-07-11 16:00:22 -0400
committerJameson Graef Rollins <jrollins@finestructure.net>2009-07-11 16:00:22 -0400
commit134b8c66bec679556bec90c4eef937d464a7950e (patch)
tree0ef4f5987de2b28a1309cb7809bbdff7a66bdd43
parenteb815bce0da27a24ad718c31b77e45032e3a5916 (diff)
explicitly set MONKEYSPHERE_GROUP
The monkeysphere group is now determined from the system "groups" command, and then MONKEYSPHERE_GROUP is explicitly set from this, and then used when setting group ownership.
-rwxr-xr-xsrc/monkeysphere-authentication2
-rwxr-xr-xsrc/monkeysphere-host2
-rw-r--r--src/share/ma/setup6
-rw-r--r--src/share/mh/add_revoker2
-rw-r--r--src/share/mh/publish_key2
5 files changed, 9 insertions, 5 deletions
diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index 5b98153..0e6f986 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -120,6 +120,7 @@ LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL}
KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER}
CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER}
+MONKEYSPHERE_GROUP=$(groups "$MONKEYSPHERE_USER" | cut -d: -f2 | awk '{ print $1 }')
PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT}
AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=$AUTHORIZED_USER_IDS}
RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=$RAW_AUTHORIZED_KEYS}
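Review bot: The added `MONKEYSPHERE_GROUP=$(groups "$MONKEYSPHERE_USER" | cut -d: -f2 | awk '{ print $1 }')` line parses the human-readable output of `groups`, whose layout is not the same on every system, and the result is never checked. `MONKEYSPHERE_GROUP=$(id -gn "$MONKEYSPHERE_USER")` asks for the primary group name directly and needs no parsing. If the lookup fails (for instance because the user does not exist yet), the variable is empty but is still exported and later passed to `chgrp` and `chown` on the 0750/0700 directories in src/share/ma/setup, where an empty group may be rejected or silently ignored depending on the tool. A guard such as `[ -n "$MONKEYSPHERE_GROUP" ] || { echo "cannot determine group of $MONKEYSPHERE_USER" >&2; exit 1; }` right after the assignment would make that failure visible. The identical line added in src/monkeysphere-host needs the same change.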
@@ -137,6 +138,7 @@ export MODE
export LOG_LEVEL
export KEYSERVER
export MONKEYSPHERE_USER
+export MONKEYSPHERE_GROUP
export PROMPT
export CHECK_KEYSERVER
export REQUIRED_USER_KEY_CAPABILITY
diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index 507b47f..60b627a 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -226,6 +226,7 @@ LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL}
KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER}
CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER}
+MONKEYSPHERE_GROUP=$(groups "$MONKEYSPHERE_USER" | cut -d: -f2 | awk '{ print $1 }')
PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT}
# other variables
@@ -238,6 +239,7 @@ export LOG_LEVEL
export KEYSERVER
export CHECK_KEYSERVER
export MONKEYSPHERE_USER
+export MONKEYSPHERE_GROUP
export PROMPT
export GNUPGHOME_HOST
export GNUPGHOME
diff --git a/src/share/ma/setup b/src/share/ma/setup
index 4c87009..0ed0406 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -16,10 +16,10 @@ setup() {
log debug "checking authentication directory structure..."
mkdir -p "${MADATADIR}"
chmod 0750 "${MADATADIR}"
- chgrp "$MONKEYSPHERE_USER" "${MADATADIR}"
+ chgrp "$MONKEYSPHERE_GROUP" "${MADATADIR}"
mkdir -p "${MATMPDIR}"
chmod 0750 "${MATMPDIR}"
- chgrp "$MONKEYSPHERE_USER" "${MATMPDIR}"
+ chgrp "$MONKEYSPHERE_GROUP" "${MATMPDIR}"
mkdir -p "${GNUPGHOME_CORE}"
chmod 0700 "${GNUPGHOME_CORE}"
mkdir -p "${GNUPGHOME_SPHERE}"
@@ -48,7 +48,7 @@ EOF
# make sure the monkeysphere user owns everything in the sphere
# gnupghome
log debug "fixing sphere gnupg home ownership..."
- chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" "${GNUPGHOME_SPHERE}"/gpg.conf
+ chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_GROUP" "${GNUPGHOME_SPHERE}" "${GNUPGHOME_SPHERE}"/gpg.conf
# get fingerprint of core key. this should be empty on unconfigured systems.
local CORE_FPR=$(core_fingerprint)
diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker
index 077b0d0..c83cb24 100644
--- a/src/share/mh/add_revoker
+++ b/src/share/mh/add_revoker
@@ -64,7 +64,7 @@ else
# fix permissions and ownership on temporary directory which will
# be used by monkeysphere user for storing the downloaded key
chmod 0700 "$tmpDir"
- chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$tmpDir"
+ chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$tmpDir"
# download the key from the keyserver as the monkeysphere user
log verbose "searching keyserver $KEYSERVER for keyID $keyID..."
diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key
index b0ffd93..ab1b2dc 100644
--- a/src/share/mh/publish_key
+++ b/src/share/mh/publish_key
@@ -29,7 +29,7 @@ fi
# create a temporary gnupg directory from which to publish the key
export GNUPGHOME=$(msmktempdir)
chmod 0700 "$GNUPGHOME"
-chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$GNUPGHOME"
+chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$GNUPGHOME"
# trap to remove tmp dir if break
trap "rm -rf $GNUPGHOME" EXIT