Pino Toscano
2016-May-19 15:17 UTC
[Libguestfs] [PATCH 1/2] customize: minor function factoring in ssh_key
Turn the snippet reading user information from /etc/passwd in a slightly more generic function, so there is no need to copy&paste for other details. Mostly code motion. --- customize/ssh_key.ml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml index a4e4a51..7c482e7 100644 --- a/customize/ssh_key.ml +++ b/customize/ssh_key.ml @@ -106,13 +106,15 @@ let do_ssh_inject_unix (g : Guestfs.guestfs) user selector (* Get user's home directory. *) g#aug_init "/" 0; - let home_dir + let read_user_detail what try - let expr = sprintf "/files/etc/passwd/%s/home" user in + let expr = sprintf "/files/etc/passwd/%s/%s" user what in g#aug_get expr with G.Error _ -> error (f_"ssh-inject: the user %s does not exist on the guest") - user in + user + in + let home_dir = read_user_detail "home" in g#aug_close (); (* Create ~user/.ssh if it doesn't exist. *) -- 2.5.5
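Review bot: the `with G.Error _` handler in `read_user_detail` still reports "ssh-inject: the user %s does not exist on the guest" whatever `what` is, so once the helper is called for fields other than "home", a failed lookup of that field on an existing user will be reported as a missing user. Consider including `what` in the message, or documenting that the helper is only meant for fields every passwd entry carries. Separately, `user` and `what` are both interpolated into the Augeas path with `sprintf "/files/etc/passwd/%s/%s"` unescaped; a short comment saying the helper expects a plain passwd field name would keep later callers from passing anything else.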
Pino Toscano
2016-May-19 15:17 UTC
[Libguestfs] [PATCH 2/2] customize: fix ownership when creating ~/.ssh/authorized_keys (RHBZ#1337561)
When creating ~/.ssh and ~/.ssh/authorized_keys (in case they are missing), change their ownership to the target user. If not, they are owned by root. --- customize/ssh_key.ml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml index 7c482e7..d05816c 100644 --- a/customize/ssh_key.ml +++ b/customize/ssh_key.ml @@ -115,20 +115,24 @@ let do_ssh_inject_unix (g : Guestfs.guestfs) user selector user in let home_dir = read_user_detail "home" in + let uid = int_of_string (read_user_detail "uid") in + let gid = int_of_string (read_user_detail "gid") in g#aug_close (); (* Create ~user/.ssh if it doesn't exist. *) let ssh_dir = sprintf "%s/.ssh" home_dir in if not (g#exists ssh_dir) then ( g#mkdir ssh_dir; - g#chmod 0o700 ssh_dir + g#chmod 0o700 ssh_dir; + g#chown uid gid ssh_dir; ); (* Create ~user/.ssh/authorized_keys if it doesn't exist. *) let auth_keys = sprintf "%s/authorized_keys" ssh_dir in if not (g#exists auth_keys) then ( g#touch auth_keys; - g#chmod 0o600 auth_keys + g#chmod 0o600 auth_keys; + g#chown uid gid auth_keys; ); (* Append the key. *) -- 2.5.5
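Review bot: the two new bindings `int_of_string (read_user_detail "uid")` and `int_of_string (read_user_detail "gid")` have no handling for a non-numeric value, so a malformed passwd entry in the guest raises an uncaught `Failure` instead of going through `error` like the missing-user case does. Wrapping the conversion and reporting which field could not be parsed would keep the failure mode consistent. Also note that both `g#chown uid gid` calls sit inside the `if not (g#exists ...)` branches, so a `.ssh` or `authorized_keys` that already exists with root ownership is left as it is; that matches the commit message, but it is worth stating in a comment so the limitation is deliberate rather than overlooked.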
Richard W.M. Jones
2016-May-19 21:52 UTC
Re: [Libguestfs] [PATCH 2/2] customize: fix ownership when creating ~/.ssh/authorized_keys (RHBZ#1337561)
On Thu, May 19, 2016 at 05:17:31PM +0200, Pino Toscano wrote:
> When creating ~/.ssh and ~/.ssh/authorized_keys (in case they are
> missing), change their ownership to the target user. If not, they are
> owned by root.

That was simpler than I feared it was going to be :-)

ACK series.

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top