-rwxr-xr-x | src/monkeysphere-authentication | 2 | ||||
-rwxr-xr-x | src/monkeysphere-host | 2 | ||||
-rw-r--r-- | src/share/ma/setup | 6 | ||||
-rw-r--r-- | src/share/mh/add_revoker | 2 | ||||
-rw-r--r-- | src/share/mh/publish_key | 2 |
5 files changed, 9 insertions, 5 deletions
diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 5b98153..0e6f986 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -120,6 +120,7 @@ LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL} KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER} CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER} MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER} +MONKEYSPHERE_GROUP=$(groups "$MONKEYSPHERE_USER" | cut -d: -f2 | awk '{ print $1 }') PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT} AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=$AUTHORIZED_USER_IDS} RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=$RAW_AUTHORIZED_KEYS} @@ -137,6 +138,7 @@ export MODE export LOG_LEVEL export KEYSERVER export MONKEYSPHERE_USER +export MONKEYSPHERE_GROUP export PROMPT export CHECK_KEYSERVER export REQUIRED_USER_KEY_CAPABILITY diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 507b47f..60b627a 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -226,6 +226,7 @@ LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL} KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER} CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER} MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER} +MONKEYSPHERE_GROUP=$(groups "$MONKEYSPHERE_USER" | cut -d: -f2 | awk '{ print $1 }') PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT} # other variables @@ -238,6 +239,7 @@ export LOG_LEVEL export KEYSERVER export CHECK_KEYSERVER export MONKEYSPHERE_USER +export MONKEYSPHERE_GROUP export PROMPT export GNUPGHOME_HOST export GNUPGHOME diff --git a/src/share/ma/setup b/src/share/ma/setup index 4c87009..0ed0406 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup 
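Review bot: The new `MONKEYSPHERE_GROUP=$(groups "$MONKEYSPHERE_USER" | cut -d: -f2 | awk '{ print $1 }')` assignment (hunk at -120 here, and the identical line in src/monkeysphere-host at -226) derives the primary group by scraping output meant for humans. It depends on the primary group being printed first, truncates any group name that contains whitespace, and, because the pipeline's exit status is awk's, a failed lookup for a missing user yields an empty string with no error. Asking for the primary group directly is shorter and fails visibly: `MONKEYSPHERE_GROUP=$(id -gn "$MONKEYSPHERE_USER")`. Unlike the neighbouring settings there is no `MONKEYSPHERE_`-prefixed override for the group; that may be intentional, but a one-line comment saying so would help.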
@@ -16,10 +16,10 @@ setup() { log debug "checking authentication directory structure..." mkdir -p "${MADATADIR}" chmod 0750 "${MADATADIR}" - chgrp "$MONKEYSPHERE_USER" "${MADATADIR}" + chgrp "$MONKEYSPHERE_GROUP" "${MADATADIR}" mkdir -p "${MATMPDIR}" chmod 0750 "${MATMPDIR}" - chgrp "$MONKEYSPHERE_USER" "${MATMPDIR}" + chgrp "$MONKEYSPHERE_GROUP" "${MATMPDIR}" mkdir -p "${GNUPGHOME_CORE}" chmod 0700 "${GNUPGHOME_CORE}" mkdir -p "${GNUPGHOME_SPHERE}" @@ -48,7 +48,7 @@ EOF # make sure the monkeysphere user owns everything in the sphere # gnupghome log debug "fixing sphere gnupg home ownership..." - chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" "${GNUPGHOME_SPHERE}"/gpg.conf + chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_GROUP" "${GNUPGHOME_SPHERE}" "${GNUPGHOME_SPHERE}"/gpg.conf # get fingerprint of core key. this should be empty on unconfigured systems. local CORE_FPR=$(core_fingerprint) diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index 077b0d0..c83cb24 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -64,7 +64,7 @@ else # fix permissions and ownership on temporary directory which will # be used by monkeysphere user for storing the downloaded key chmod 0700 "$tmpDir" - chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$tmpDir" + chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$tmpDir" # download the key from the keyserver as the monkeysphere user log verbose "searching keyserver $KEYSERVER for keyID $keyID..." diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key index b0ffd93..ab1b2dc 100644 --- a/src/share/mh/publish_key +++ b/src/share/mh/publish_key @@ -29,7 +29,7 @@ fi # create a temporary gnupg directory from which to publish the key export GNUPGHOME=$(msmktempdir) chmod 0700 "$GNUPGHOME" -chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$GNUPGHOME" +chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$GNUPGHOME" # trap to remove tmp dir if break trap "rm -rf $GNUPGHOME" EXIT |
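Review bot: The two `chgrp "$MONKEYSPHERE_GROUP"` calls in `setup()` (and the `chown` calls in the -48 hunk, in add_revoker and in publish_key) use the derived group without checking that it is non-empty. If the lookup produced nothing, `chgrp` is handed an empty group and the 0750 directories presumably keep the group they were created with, while the meaning of `chown user:` with an empty group is implementation-specific; whether the script stops at that point is not visible in the hunk. A guard before first use makes the failure explicit, for example `: "${MONKEYSPHERE_GROUP:?cannot determine primary group of $MONKEYSPHERE_USER}"`. setup() continues outside the hunk.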
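Review bot: In the publish_key hunk the unchanged context line `trap "rm -rf $GNUPGHOME" EXIT` expands the path when the trap is set and leaves it unquoted when the trap runs, so a temporary path containing whitespace would be split into several `rm -rf` arguments. The script changes ownership of that directory just above, so it runs with elevated privilege and quoting is cheap insurance: `trap 'rm -rf -- "$GNUPGHOME"' EXIT`. That form expands at exit time, so it is equivalent only if GNUPGHOME is not reassigned later in the script, which lies outside the hunk.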