Pino Toscano
2016-May-19 15:17 UTC
[Libguestfs] [PATCH 1/2] customize: minor function factoring in ssh_key
Turn the snippet reading user information from /etc/passwd in a slightly
more generic function, so there is no need to copy&paste for other
details.
Mostly code motion.
---
customize/ssh_key.ml | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml
index a4e4a51..7c482e7 100644
--- a/customize/ssh_key.ml
+++ b/customize/ssh_key.ml
@@ -106,13 +106,15 @@ let do_ssh_inject_unix (g : Guestfs.guestfs) user selector
(* Get user's home directory. *)
g#aug_init "/" 0;
- let home_dir + let read_user_detail what try
- let expr = sprintf "/files/etc/passwd/%s/home" user in
+ let expr = sprintf "/files/etc/passwd/%s/%s" user what in
g#aug_get expr
with G.Error _ ->
error (f_"ssh-inject: the user %s does not exist on the guest")
- user in
+ user
+ in
+ let home_dir = read_user_detail "home" in
g#aug_close ();
(* Create ~user/.ssh if it doesn't exist. *)
--
2.5.5
Pino Toscano
2016-May-19 15:17 UTC
[Libguestfs] [PATCH 2/2] customize: fix ownership when creating ~/.ssh/authorized_keys (RHBZ#1337561)
When creating ~/.ssh and ~/.ssh/authorized_keys (in case they are
missing), change their ownership to the target user. If not, they are
owned by root.
---
customize/ssh_key.ml | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml
index 7c482e7..d05816c 100644
--- a/customize/ssh_key.ml
+++ b/customize/ssh_key.ml
@@ -115,20 +115,24 @@ let do_ssh_inject_unix (g : Guestfs.guestfs) user selector
user
in
let home_dir = read_user_detail "home" in
+ let uid = int_of_string (read_user_detail "uid") in
+ let gid = int_of_string (read_user_detail "gid") in
g#aug_close ();
(* Create ~user/.ssh if it doesn't exist. *)
let ssh_dir = sprintf "%s/.ssh" home_dir in
if not (g#exists ssh_dir) then (
g#mkdir ssh_dir;
- g#chmod 0o700 ssh_dir
+ g#chmod 0o700 ssh_dir;
+ g#chown uid gid ssh_dir;
);
(* Create ~user/.ssh/authorized_keys if it doesn't exist. *)
let auth_keys = sprintf "%s/authorized_keys" ssh_dir in
if not (g#exists auth_keys) then (
g#touch auth_keys;
- g#chmod 0o600 auth_keys
+ g#chmod 0o600 auth_keys;
+ g#chown uid gid auth_keys;
);
(* Append the key. *)
--
2.5.5
Richard W.M. Jones
2016-May-19 21:52 UTC
Re: [Libguestfs] [PATCH 2/2] customize: fix ownership when creating ~/.ssh/authorized_keys (RHBZ#1337561)
On Thu, May 19, 2016 at 05:17:31PM +0200, Pino Toscano wrote:> When creating ~/.ssh and ~/.ssh/authorized_keys (in case they are > missing), change their ownership to the target user. If not, they are > owned by root.That was simpler than I feared it was going to be :-) ACK series. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-top is 'top' for virtual machines. Tiny program with many powerful monitoring features, net stats, disk stats, logging, etc. http://people.redhat.com/~rjones/virt-top
Reasonably Related Threads
- [PATCH] customize: Create .ssh as 0700 and .ssh/authorized_keys as 0600 (RHBZ#1260778).
- [PATCH 2/2] customize: fix ownership when creating ~/.ssh/authorized_keys (RHBZ#1337561)
- [PATCH] customize: Add --ssh-inject option for injecting SSH keys.
- [PATCH] customize: Add --ssh-inject option for injecting SSH keys.
- [PATCH 0/4] Replace some uses of the Str module with PCRE.