Diffstat (limited to 'src/share/ma')
-rw-r--r-- | src/share/ma/update_users | 37 |
1 files changed, 14 insertions, 23 deletions
diff --git a/src/share/ma/update_users b/src/share/ma/update_users
index 4d2bb35..c84716e 100644
--- a/src/share/ma/update_users
+++ b/src/share/ma/update_users
@@ -17,6 +17,7 @@ local returnCode=0
 local unames
 local uname
 local authorizedKeysDir
+local tmpAuthorizedKeys
 local authorizedUserIDs
 if [ "$1" ] ; then
@@ -57,19 +58,14 @@ for uname in $unames ; do
 # trap to delete temporary directory on exit
 trap "rm -rf $TMPLOC" EXIT
- # create temporary authorized_user_ids file
- TMP_AUTHORIZED_USER_IDS="${TMPLOC}/authorized_user_ids"
- touch "$TMP_AUTHORIZED_USER_IDS"
- # create temporary authorized_keys file
- AUTHORIZED_KEYS="${TMPLOC}/authorized_keys"
- touch "$AUTHORIZED_KEYS"
+ tmpAuthorizedKeys="${TMPLOC}/authorized_keys"
+ touch "$tmpAuthorizedKeys"
 # set restrictive permissions on the temporary files
 # FIXME: is there a better way to do this?
 chmod 0700 "$TMPLOC"
- chmod 0600 "$AUTHORIZED_KEYS"
- chmod 0600 "$TMP_AUTHORIZED_USER_IDS"
+ chmod 0600 "$tmpAuthorizedKeys"
 chown -R "$MONKEYSPHERE_USER" "$TMPLOC"
 # process authorized_user_ids file
@@ -80,17 +76,12 @@ for uname in $unames ; do
 log debug "authorized_user_ids file found."
 # check permissions on the authorized_user_ids file path
 if check_key_file_permissions "$uname" "$authorizedUserIDs" ; then
- # copy user authorized_user_ids file to temporary
- # location
- cat "$authorizedUserIDs" > "$TMP_AUTHORIZED_USER_IDS"
-
- # export needed variables
- export AUTHORIZED_KEYS
 # process authorized_user_ids file, as monkeysphere user
 su_monkeysphere_user \
- ". ${SYSSHAREDIR}/common; STRICT_MODES='$STRICT_MODES' process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS" \
- || returnCode="$?"
+ ". ${SYSSHAREDIR}/common; STRICT_MODES='$STRICT_MODES' process_authorized_user_ids $tmpAuthorizedKeys" \
+ < "$authorizedUserIDs"
+
 else
 log debug "not processing authorized_user_ids."
 fi
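Review bot: In the third hunk (@@ -80,17 +76,12 @@) the rewritten su_monkeysphere_user call drops the old `|| returnCode="$?"`, so a failure of process_authorized_user_ids no longer reaches returnCode and the script can exit successfully for a user whose authorized_user_ids were not processed; the stdin redirection should keep the status capture, i.e. `< "$authorizedUserIDs" \` followed by `|| returnCode="$?"`. The later `-s "$tmpAuthorizedKeys"` test only sees whether anything was written, not whether the helper completed, so a partially written file could presumably still be installed as that user's authorized_keys — hedged, because the rest of the per-user loop is outside this hunk. The redirection is now opened by the calling shell (apparently privileged, given the chown to MONKEYSPHERE_USER) before su_monkeysphere_user drops privileges, the same trust decision the removed `cat` made right after check_key_file_permissions; a comment such as `# stdin is opened here, right after check_key_file_permissions, and handed to the unprivileged helper` would make that ordering explicit. The enclosing for-uname loop starts and ends outside the hunk.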
@@ -107,7 +98,7 @@ for uname in $unames ; do
 # check permissions on the authorized_keys file path
 if check_key_file_permissions "$uname" "$rawAuthorizedKeys" ; then
 log verbose "adding raw authorized_keys file... "
- cat "$rawAuthorizedKeys" >> "$AUTHORIZED_KEYS"
+ cat "$rawAuthorizedKeys" >> "$tmpAuthorizedKeys"
 else
 log debug "not adding raw authorized_keys file."
 fi
@@ -117,7 +108,7 @@ for uname in $unames ; do
 fi
 # move the new authorized_keys file into place
- if [ -s "$AUTHORIZED_KEYS" ] ; then
+ if [ -s "$tmpAuthorizedKeys" ] ; then
 # openssh appears to check the contents of the authorized_keys
 # file as the user in question, so the file must be readable
 # by that user at least.
@@ -130,14 +121,14 @@ for uname in $unames ; do
 if [ "$OUTPUT_STDOUT" ] ; then
 log debug "outputting keys to stdout..."
- cat "$AUTHORIZED_KEYS"
+ cat "$tmpAuthorizedKeys"
 else
 log debug "moving new file to ${authorizedKeysDir}/${uname}..."
 # FIXME: is there a better way to do this?
- chown $(whoami) "$AUTHORIZED_KEYS" && \
- chgrp $(id -g "$uname") "$AUTHORIZED_KEYS" && \
- chmod g+r "$AUTHORIZED_KEYS" && \
- mv -f "$AUTHORIZED_KEYS" "${authorizedKeysDir}/${uname}" || \
+ chown $(whoami) "$tmpAuthorizedKeys" && \
+ chgrp $(id -g "$uname") "$tmpAuthorizedKeys" && \
+ chmod g+r "$tmpAuthorizedKeys" && \
+ mv -f "$tmpAuthorizedKeys" "${authorizedKeysDir}/${uname}" || \
 { log error "Failed to install authorized_keys for '$uname'!"
 rm -f "${authorizedKeysDir}/${uname}" |