author | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-06-24 13:53:22 -0400 |
---|---|---|
committer | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-06-24 17:50:26 -0400 |
commit | 1b6df37b94b96042ac460a933b00c6ef29694053 (patch) | |
tree | 560c5b65026bfa90170f469d7d0cd435609b34d5 /debian | |
parent | e0b50e3859931c7fe2a58bb08af440a4f2455174 (diff) |
Privilege separation: use new monkeysphere user to handle
authentication keychain for server. This required a bunch of changes
to all ms-server functions. Seems to be working ok, although it feels
kind of hackish.
Diffstat (limited to 'debian')
-rw-r--r-- | debian/changelog | 6 |
-rw-r--r-- | debian/control | 2 |
-rwxr-xr-x | debian/monkeysphere.postinst | 17 |
-rwxr-xr-x | debian/monkeysphere.postrm | 21 |
4 files changed, 44 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog index 82f274a..c6b5de4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,7 +3,11 @@ monkeysphere (0.4-1) UNRELEASED; urgency=low [Daniel Kahn Gillmor] * New version (switch UNRELEASED to experimental when ready) - -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 24 Jun 2008 01:25:45 -0400 + [ Jameson Graef Rollins ] + * Privilege separation: use monkeysphere user to handle maintenance of + the gnupg authentication keychain for server. + + -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Tue, 24 Jun 2008 13:52:28 -0400 monkeysphere (0.3-1) experimental; urgency=low diff --git a/debian/control b/debian/control index 4f0e5f5..f5760d9 100644 --- a/debian/control +++ b/debian/control @@ -10,7 +10,7 @@ Dm-Upload-Allowed: yes Package: monkeysphere Architecture: any -Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6), moreutils, lockfile-progs, ${shlibs:Depends} +Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6), moreutils, lockfile-progs, adduser, ${shlibs:Depends} Recommends: netcat Enhances: openssh-client, openssh-server Description: use the OpenPGP web of trust to verify ssh connections diff --git a/debian/monkeysphere.postinst b/debian/monkeysphere.postinst new file mode 100755 index 0000000..50eaefa --- /dev/null +++ b/debian/monkeysphere.postinst @@ -0,0 +1,17 @@ +#!/bin/sh -e + +# postinst script for monkeysphere + +# Author: Jameson Rollins <jrollins@fifthhorseman.net> +# (c) 2008 + +if ! getent passwd monkeysphere >/dev/null ; then + echo "adding monkeysphere user..." + adduser --quiet --system --no-create-home --home '/var/lib/monkeysphere' \ + --shell '/bin/sh' --gecos 'monkeysphere authentication user,,,' monkeysphere +fi + +# install host gnupg home directories +install --mode 700 -d /var/lib/monkeysphere/gnupg-host +# install authentication gnupg home directories +install --mode 700 --owner monkeysphere -d /var/lib/monkeysphere/gnupg-authentication 
diff --git a/debian/monkeysphere.postrm b/debian/monkeysphere.postrm new file mode 100755 index 0000000..a103fc8 --- /dev/null +++ b/debian/monkeysphere.postrm @@ -0,0 +1,21 @@ +#!/bin/sh -e + +# postrm script for monkeysphere + +# Author: Jameson Rollins <jrollins@fifthhorseman.net> +# (c) 2008 + +case $1 in + purge) + rmdir --ignore-fail-on-non-empty /var/lib/monkeysphere || true + echo "removing monkeysphere user..." + userdel monkeysphere > /dev/null || true + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 |
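Review bot: In debian/monkeysphere.postinst, the last line, `install --mode 700 --owner monkeysphere -d /var/lib/monkeysphere/gnupg-authentication`, sets owner and mode on the directory itself only. If that directory already holds a keychain created as root by an earlier install, the files inside stay root-owned and the new monkeysphere user cannot maintain them. Either fix up ownership of the existing contents on upgrade or state in a comment that the keychain has to be rebuilt. Two smaller points in the same file: the script runs on every invocation without looking at `$1` and has no `#DEBHELPER#` token, unlike the postrm; and `--shell '/bin/sh'` gives the separation account a working shell, so a comment saying why it is needed would help later review.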
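Review bot: In debian/monkeysphere.postrm, the purge branch deletes the account but can leave its files behind. `rmdir --ignore-fail-on-non-empty /var/lib/monkeysphere` does nothing while the `gnupg-host` and `gnupg-authentication` directories created by the postinst still exist, and `userdel monkeysphere` then removes the user. That leaves the authentication keychain on disk owned by a UID with no account, which a later-created system user could be assigned. On purge, remove the gnupg directories (or the whole `/var/lib/monkeysphere` tree) before deleting the user, or keep the user if the data is meant to survive. Also note that `> /dev/null` only silences stdout and `|| true` hides a failed `userdel`, so a failure here is neither quiet nor reported as an error; pick one behaviour deliberately.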