setting dstuser file ownership in __ssh_authorized_key #52

Closed
wants to merge 2 commits into
from

2 participants

@nuex

I was having trouble logging in as a __ssh_authorized_key provisioned user after the /home/$dstuser/.ssh/authorized_key file was created, which I believe was due to permissions not being properly set on the $dstuser's files. This commit gives $dstuser (if defined) ownership of the .ssh directory and authorized_keys file, allowing them to log in.

@telmich telmich and 1 other commented on an outdated diff Apr 11, 2012
conf/type/__ssh_authorized_key/manifest
@@ -46,9 +46,26 @@ else
sshpath="/root/.ssh"
fi
rsa=`cat $srcrsa`
-__directory $sshpath
-# the file authorized_keys depends on the .ssh folder
-require="__directory${sshpath}" __file "$sshpath/authorized_keys" --mode 640
+
+# if a destination user is defined, create the .ssh directory with
+# that user's ownership credentials
+if [ "$dstuser" ]; then
+ __directory $sshpath --owner $dstuser --group $dstuser --mode 700
+# if no destination user is defined, create the .ssh directory as root
@telmich
telmich added a line comment Apr 11, 2012

What about a group being different named then the user?

@telmich
telmich added a line comment Apr 11, 2012

I believe that using --owner could always be done (root or $dstuser)

I think we can even setup dstuser=root, if dstuser is not given

@nuex
nuex added a line comment Apr 11, 2012

Maybe add a --ssh-directory-group parameter?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@telmich telmich closed this May 31, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment