-rw-r--r-- | packaging/debian/changelog | 7 | ||||
-rwxr-xr-x | src/monkeysphere-authentication | 2 | ||||
-rwxr-xr-x | src/monkeysphere-host | 2 | ||||
-rw-r--r-- | src/share/ma/setup | 6 | ||||
-rw-r--r-- | src/share/mh/add_revoker | 2 | ||||
-rw-r--r-- | src/share/mh/publish_key | 2 |
6 files changed, 14 insertions, 7 deletions
diff --git a/packaging/debian/changelog b/packaging/debian/changelog index f4efc0d..0219aa4 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -12,10 +12,13 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low - some portability improvements - properly handle translation of keys with fingerprints with leading all-zero bytes. - - resolve symlinks when checking paths (thanks Silvio Rhatto) (closes MS #917) + - resolve symlinks when checking paths (thanks Silvio Rhatto) + (closes MS #917) + - explicitly set and use MONKEYSPHERE_GROUP from system "groups" + (closes #534008) * update Standard-Version to 3.8.1 - -- Jameson Graef Rollins <jrollins@finestructure.net> Mon, 29 Jun 2009 11:27:33 -0400 + -- Jameson Graef Rollins <jrollins@finestructure.net> Sat, 11 Jul 2009 16:06:09 -0400 monkeysphere (0.24-1) unstable; urgency=low diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 5b98153..0e6f986 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -120,6 +120,7 @@ LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL} KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER} CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER} MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER} +MONKEYSPHERE_GROUP=$(groups "$MONKEYSPHERE_USER" | cut -d: -f2 | awk '{ print $1 }') PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT} AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=$AUTHORIZED_USER_IDS} RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=$RAW_AUTHORIZED_KEYS} @@ -137,6 +138,7 @@ export MODE export LOG_LEVEL export KEYSERVER export MONKEYSPHERE_USER +export MONKEYSPHERE_GROUP export PROMPT export CHECK_KEYSERVER export REQUIRED_USER_KEY_CAPABILITY diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 507b47f..60b627a 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host 
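Review bot: The new `MONKEYSPHERE_GROUP=$(groups "$MONKEYSPHERE_USER" | cut -d: -f2 | awk '{ print $1 }')` line in src/monkeysphere-authentication (and the identical line in src/monkeysphere-host) infers the primary group from the position of a name in human-oriented `groups` output and never checks the result. That value then decides group ownership of the 0750 directories in src/share/ma/setup, so a wrong or empty value changes who can read them or leaves the intended group unapplied. `id -gn` asks for the primary group directly, and a guard makes a failed lookup fatal: `MONKEYSPHERE_GROUP=$(id -gn "$MONKEYSPHERE_USER") || exit 1` followed by `: "${MONKEYSPHERE_GROUP:?cannot determine group for $MONKEYSPHERE_USER}"`. Unlike the neighbouring settings, this one has no environment or config override; if that is deliberate, a one-line comment saying so would help.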
@@ -226,6 +226,7 @@ LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL} KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER} CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER} MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER} +MONKEYSPHERE_GROUP=$(groups "$MONKEYSPHERE_USER" | cut -d: -f2 | awk '{ print $1 }') PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT} # other variables @@ -238,6 +239,7 @@ export LOG_LEVEL export KEYSERVER export CHECK_KEYSERVER export MONKEYSPHERE_USER +export MONKEYSPHERE_GROUP export PROMPT export GNUPGHOME_HOST export GNUPGHOME diff --git a/src/share/ma/setup b/src/share/ma/setup index 4c87009..0ed0406 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -16,10 +16,10 @@ setup() { log debug "checking authentication directory structure..." mkdir -p "${MADATADIR}" chmod 0750 "${MADATADIR}" - chgrp "$MONKEYSPHERE_USER" "${MADATADIR}" + chgrp "$MONKEYSPHERE_GROUP" "${MADATADIR}" mkdir -p "${MATMPDIR}" chmod 0750 "${MATMPDIR}" - chgrp "$MONKEYSPHERE_USER" "${MATMPDIR}" + chgrp "$MONKEYSPHERE_GROUP" "${MATMPDIR}" mkdir -p "${GNUPGHOME_CORE}" chmod 0700 "${GNUPGHOME_CORE}" mkdir -p "${GNUPGHOME_SPHERE}" @@ -48,7 +48,7 @@ EOF # make sure the monkeysphere user owns everything in the sphere # gnupghome log debug "fixing sphere gnupg home ownership..." - chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" "${GNUPGHOME_SPHERE}"/gpg.conf + chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_GROUP" "${GNUPGHOME_SPHERE}" "${GNUPGHOME_SPHERE}"/gpg.conf # get fingerprint of core key. this should be empty on unconfigured systems. local CORE_FPR=$(core_fingerprint) diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index 077b0d0..c83cb24 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker 
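Review bot: In src/share/ma/setup the `chgrp "$MONKEYSPHERE_GROUP"` calls on `${MADATADIR}` and `${MATMPDIR}` depend on a variable this file neither sets nor validates; it is presumably inherited from the calling script's export. Both directories are mode 0750, so the group is the actual access grant for the monkeysphere user. I would fail at the point of use when the variable is missing, e.g. `chgrp "${MONKEYSPHERE_GROUP:?}" "${MADATADIR}"`, and likewise for `${MATMPDIR}` and the `chown` on `${GNUPGHOME_SPHERE}` in the second hunk. A comment at the top of `setup()` such as `# requires MONKEYSPHERE_USER and MONKEYSPHERE_GROUP from the calling script` would document the dependency. The body of `setup()` extends beyond both hunks.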
@@ -64,7 +64,7 @@ else # fix permissions and ownership on temporary directory which will # be used by monkeysphere user for storing the downloaded key chmod 0700 "$tmpDir" - chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$tmpDir" + chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$tmpDir" # download the key from the keyserver as the monkeysphere user log verbose "searching keyserver $KEYSERVER for keyID $keyID..." diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key index b0ffd93..ab1b2dc 100644 --- a/src/share/mh/publish_key +++ b/src/share/mh/publish_key @@ -29,7 +29,7 @@ fi # create a temporary gnupg directory from which to publish the key export GNUPGHOME=$(msmktempdir) chmod 0700 "$GNUPGHOME" -chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$GNUPGHOME" +chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$GNUPGHOME" # trap to remove tmp dir if break trap "rm -rf $GNUPGHOME" EXIT |