-rw-r--r--packaging/debian/changelog7
-rwxr-xr-xsrc/monkeysphere-authentication2
-rwxr-xr-xsrc/monkeysphere-host2
-rw-r--r--src/share/common6
-rw-r--r--src/share/ma/setup6
-rw-r--r--src/share/mh/add_revoker2
-rw-r--r--src/share/mh/publish_key2
7 files changed, 20 insertions, 7 deletions
diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index f4efc0d..0219aa4 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -12,10 +12,13 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low
- some portability improvements
- properly handle translation of keys with fingerprints with leading
all-zero bytes.
- - resolve symlinks when checking paths (thanks Silvio Rhatto) (closes MS #917)
+ - resolve symlinks when checking paths (thanks Silvio Rhatto)
+ (closes MS #917)
+ - explicitly set and use MONKEYSPHERE_GROUP from system "groups"
+ (closes #534008)
* update Standard-Version to 3.8.1
- -- Jameson Graef Rollins <jrollins@finestructure.net> Mon, 29 Jun 2009 11:27:33 -0400
+ -- Jameson Graef Rollins <jrollins@finestructure.net> Sat, 11 Jul 2009 16:06:09 -0400
monkeysphere (0.24-1) unstable; urgency=low
diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index 5b98153..5b30628 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -120,6 +120,7 @@ LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL}
KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER}
CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER}
+MONKEYSPHERE_GROUP=$(get_primary_group "$MONKEYSPHERE_USER")
PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT}
AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=$AUTHORIZED_USER_IDS}
RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=$RAW_AUTHORIZED_KEYS}
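Review bot: The added `MONKEYSPHERE_GROUP=$(get_primary_group "$MONKEYSPHERE_USER")` accepts whatever the helper prints, so a failed lookup (for example when the account does not exist yet) leaves the variable empty with no diagnostic. The `chgrp "$MONKEYSPHERE_GROUP"` calls in src/share/ma/setup would then receive an empty group, and the `chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_GROUP"` calls would become `user:`, whose meaning depends on the chown implementation. I would fail early right after the assignment, e.g. `[ -n "$MONKEYSPHERE_GROUP" ] || { echo "cannot determine primary group of $MONKEYSPHERE_USER" >&2; exit 1; }`. The same applies to the identical line added in src/monkeysphere-host; both hunks show only part of the variable block, so an existing check outside them cannot be ruled out.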
@@ -137,6 +138,7 @@ export MODE
export LOG_LEVEL
export KEYSERVER
export MONKEYSPHERE_USER
+export MONKEYSPHERE_GROUP
export PROMPT
export CHECK_KEYSERVER
export REQUIRED_USER_KEY_CAPABILITY
diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index 507b47f..ebd29c8 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -226,6 +226,7 @@ LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL}
KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER}
CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER}
+MONKEYSPHERE_GROUP=$(get_primary_group "$MONKEYSPHERE_USER")
PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT}
# other variables
@@ -238,6 +239,7 @@ export LOG_LEVEL
export KEYSERVER
export CHECK_KEYSERVER
export MONKEYSPHERE_USER
+export MONKEYSPHERE_GROUP
export PROMPT
export GNUPGHOME_HOST
export GNUPGHOME
diff --git a/src/share/common b/src/share/common
index c88857e..8e2232d 100644
--- a/src/share/common
+++ b/src/share/common
@@ -484,6 +484,12 @@ get_homedir() {
eval "echo ~${uname}"
}
+# return the primary group of a user
+get_primary_group() {
+ local uname=${1:-`whoami`}
+ groups "$uname" | sed 's/^..* : //' | awk '{ print $1 }'
+}
+
### CONVERSION UTILITIES
# output the ssh key for a given key ID
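Review bot: get_primary_group scrapes the human-readable output of `groups`, which makes the result fragile for a value that ends up as the group owner of the authentication and GnuPG directories. The output format is not uniform across systems, `awk '{ print $1 }'` would truncate a group name containing whitespace, and the pipeline returns awk's status, so an unknown user yields empty output with exit 0. Asking directly with `id -gn "$uname"` avoids the parsing and returns non-zero on lookup failure. The body would then be `local uname=${1:-$(whoami)}` followed by `id -gn "$uname"`. The header comment could also state that callers must treat empty output or a non-zero status as an error.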
diff --git a/src/share/ma/setup b/src/share/ma/setup
index 4c87009..0ed0406 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -16,10 +16,10 @@ setup() {
log debug "checking authentication directory structure..."
mkdir -p "${MADATADIR}"
chmod 0750 "${MADATADIR}"
- chgrp "$MONKEYSPHERE_USER" "${MADATADIR}"
+ chgrp "$MONKEYSPHERE_GROUP" "${MADATADIR}"
mkdir -p "${MATMPDIR}"
chmod 0750 "${MATMPDIR}"
- chgrp "$MONKEYSPHERE_USER" "${MATMPDIR}"
+ chgrp "$MONKEYSPHERE_GROUP" "${MATMPDIR}"
mkdir -p "${GNUPGHOME_CORE}"
chmod 0700 "${GNUPGHOME_CORE}"
mkdir -p "${GNUPGHOME_SPHERE}"
@@ -48,7 +48,7 @@ EOF
# make sure the monkeysphere user owns everything in the sphere
# gnupghome
log debug "fixing sphere gnupg home ownership..."
- chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" "${GNUPGHOME_SPHERE}"/gpg.conf
+ chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_GROUP" "${GNUPGHOME_SPHERE}" "${GNUPGHOME_SPHERE}"/gpg.conf
# get fingerprint of core key. this should be empty on unconfigured systems.
local CORE_FPR=$(core_fingerprint)
diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker
index e58995b..89e6fcf 100644
--- a/src/share/mh/add_revoker
+++ b/src/share/mh/add_revoker
@@ -64,7 +64,7 @@ else
# fix permissions and ownership on temporary directory which will
# be used by monkeysphere user for storing the downloaded key
chmod 0700 "$tmpDir"
- chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$tmpDir"
+ chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$tmpDir"
# download the key from the keyserver as the monkeysphere user
log verbose "searching keyserver $KEYSERVER for keyID $keyID..."
diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key
index f6e1c0f..48e4cbb 100644
--- a/src/share/mh/publish_key
+++ b/src/share/mh/publish_key
@@ -30,7 +30,7 @@ fi
# create a temporary gnupg directory from which to publish the key
export GNUPGHOME=$(msmktempdir)
chmod 0700 "$GNUPGHOME"
-chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$GNUPGHOME"
+chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$GNUPGHOME"
# trap to remove tmp dir if break
trap "rm -rf $GNUPGHOME" EXIT