Ensure __ssh_authorized_key sets proper group

When --dstuser is specified, use an explorer to retrieve the group name and specify the group name on all created directories and files.
2012-05-30 17:21:19 -07:00 · 2012-05-30 17:21:19 -07:00 · 8564785f66
commit 8564785f66
parent 9291fd7436
2 changed files with 29 additions and 2 deletions
--- a/conf/type/__ssh_authorized_key/explorer/dstuser_group
+++ b/conf/type/__ssh_authorized_key/explorer/dstuser_group
@ -0,0 +1,15 @@
 #!/bin/sh
 # Get option dstuser if defined
 if [ -f "$__object/parameter/dstuser" ]; then
   dstuser=`cat "$__object/parameter/dstuser"`
 else
   dstuser="root"
 fi
 if id $dstuser >/dev/null 2>&1 ; then
    id -ng $dstuser
 else
   echo "$__object_id: Destination user $dstuser does not exist" >&2
   exit 1
 fi
--- a/conf/type/__ssh_authorized_key/manifest
+++ b/conf/type/__ssh_authorized_key/manifest
@ -29,8 +29,13 @@ fi
 # Get option dstuser if defined
 if [ -f "$__object/parameter/dstuser" ]; then
   dstuser=`cat "$__object/parameter/dstuser"`
 else
   dstuser="root"
 fi
 # retrieve destination group
 dstgroup=$(cat "$__object/explorer/dstuser_group")
 # if a source user is defined, use it's public key
 if [ "$srcuser" ]; then
   srcrsa="/home/${srcuser}/.ssh/id_rsa.pub"
@ -46,9 +51,16 @@ else
   sshpath="/root/.ssh"
 fi
 rsa=`cat $srcrsa`
-__directory $sshpath
+__directory $sshpath \
    --owner $dstuser \
    --group $dstgroup \
    --mode 700
 # the file authorized_keys depends on the .ssh folder
-require="__directory${sshpath}" __file "$sshpath/authorized_keys" --mode 640
+require="__directory${sshpath}" \
    __file "$sshpath/authorized_keys" \
    --mode 640 \
    --owner $dstuser \
    --group $dstgroup
 # the line added depends on authorized_keys existence
 require="__file${sshpath}/authorized_keys" __addifnosuchline sshkey --file \
 "$sshpath/authorized_keys" --line "$rsa"