10:17 a.m.
Turn the snippet reading user information from /etc/passwd in a slightly
more generic function, so there is no need to copy&paste for other
details.
Mostly code motion.
---
customize/ssh_key.ml | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml
index a4e4a51..7c482e7 100644
--- a/customize/ssh_key.ml
+++ b/customize/ssh_key.ml
@@ -106,13 +106,15 @@ let do_ssh_inject_unix (g : Guestfs.guestfs) user selector =
(* Get user's home directory. *)
g#aug_init "/" 0;
- let home_dir =
+ let read_user_detail what =
try
- let expr = sprintf "/files/etc/passwd/%s/home" user in
+ let expr = sprintf "/files/etc/passwd/%s/%s" user what in
g#aug_get expr
with G.Error _ ->
error (f_"ssh-inject: the user %s does not exist on the guest")
- user in
+ user
+ in
+ let home_dir = read_user_detail "home" in
g#aug_close ();
(* Create ~user/.ssh if it doesn't exist. *)
--
2.5.5
10:17 a.m.
New subject: [PATCH 2/2] customize: fix ownership when creating ~/.ssh/authorized_keys (RHBZ#1337561)
When creating ~/.ssh and ~/.ssh/authorized_keys (in case they are
missing), change their ownership to the target user. If not, they are
owned by root.
---
customize/ssh_key.ml | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml
index 7c482e7..d05816c 100644
--- a/customize/ssh_key.ml
+++ b/customize/ssh_key.ml
@@ -115,20 +115,24 @@ let do_ssh_inject_unix (g : Guestfs.guestfs) user selector =
user
in
let home_dir = read_user_detail "home" in
+ let uid = int_of_string (read_user_detail "uid") in
+ let gid = int_of_string (read_user_detail "gid") in
g#aug_close ();
(* Create ~user/.ssh if it doesn't exist. *)
let ssh_dir = sprintf "%s/.ssh" home_dir in
if not (g#exists ssh_dir) then (
g#mkdir ssh_dir;
- g#chmod 0o700 ssh_dir
+ g#chmod 0o700 ssh_dir;
+ g#chown uid gid ssh_dir;
);
(* Create ~user/.ssh/authorized_keys if it doesn't exist. *)
let auth_keys = sprintf "%s/authorized_keys" ssh_dir in
if not (g#exists auth_keys) then (
g#touch auth_keys;
- g#chmod 0o600 auth_keys
+ g#chmod 0o600 auth_keys;
+ g#chown uid gid auth_keys;
);
(* Append the key. *)
--
2.5.5
4:52 p.m.
New subject: [PATCH 2/2] customize: fix ownership when creating ~/.ssh/authorized_keys (RHBZ#1337561)
On Thu, May 19, 2016 at 05:17:31PM +0200, Pino Toscano wrote:
When creating ~/.ssh and ~/.ssh/authorized_keys (in case they are
missing), change their ownership to the target user. If not, they are
owned by root.
That was simpler than I feared it was going to be :-)
ACK series.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
3109
days inactive
3109
days old
2 comments
2 participants
participants (2)
-
Pino Toscano -
Richard W.M. Jones