ssh user perm fixes

* Ssh.authorizedKey: Make the authorized_keys file and .ssh directory
  be owned by the user, not root.
* Ssh.knownHost: Make the .ssh directory be owned by the user, not root.
Joey Hess 2015-02-12 12:35:15 -04:00
parent 0743e2223e
commit da77276378
4 changed files with 13 additions and 5 deletions


@ -127,7 +127,7 @@ orca = standardSystem "orca.kitenet.net" Unstable "amd64"
-- with propellor.
kite :: Host
kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
[ "Welcome to the new kitenet.net server!" ]
[ "Welcome to kite!" ]
& ipv4 "66.228.36.95"
& ipv6 "2600:3c03::f03c:91ff:fe73:b0d2"
& alias "kitenet.net"

3
debian/changelog vendored

@ -5,6 +5,9 @@ propellor (2.1.0) UNRELEASED; urgency=medium
* New Cron.Times data type, which allows Cron.job to install
daily/monthly/weekly jobs that anacron can run. (API change)
* Fix Git.daemonRunning to restart inetd after enabling the git server.
* Ssh.authorizedKey: Make the authorized_keys file and .ssh directory
be owned by the user, not root.
* Ssh.knownHost: Make the .ssh directory be owned by the user, not root.
-- Joey Hess <id@joeyh.name> Thu, 29 Jan 2015 01:41:07 -0400


@ -330,7 +330,6 @@ twitRss = combineProperties "twitter rss" $ props
]
-- Work around for expired ssl cert.
-- (no longer expired, TODO remove this and change urls)
pumpRss :: Property NoInfo
pumpRss = Cron.job "pump rss" (Cron.Times "15 * * * *") "joey" "/srv/web/tmp.kitenet.net/"
"wget https://pump2rss.com/feed/joeyh@identi.ca.atom -O pump.atom --no-check-certificate 2>/dev/null"


@ -207,6 +207,7 @@ knownHost hosts hn user = property desc $
, f `File.containsLines`
(map (\k -> hn ++ " " ++ k) (M.elems m))
, File.ownerGroup f user user
, File.ownerGroup (takeDirectory f) user user
]
go _ = do
warningMessage $ "no configred pubKey for " ++ hn
@ -230,12 +231,17 @@ authorizedKeys user context = withPrivData (SshAuthorizedKeys user) context $ \g
-- | Ensures that a user's authorized_keys contains a line.
-- Any other lines in the file are preserved as-is.
authorizedKey :: UserName -> String -> Property NoInfo
authorizedKey user l = property (user ++ " has autorized_keys line " ++ l) $ do
authorizedKey user l = property desc $ do
f <- liftIO $ dotFile "authorized_keys" user
ensureProperty $
f `File.containsLine` l
ensureProperty $ combineProperties desc
[ f `File.containsLine` l
`requires` File.dirExists (takeDirectory f)
`onChange` File.mode f (combineModes [ownerWriteMode, ownerReadMode])
, File.ownerGroup f user user
, File.ownerGroup (takeDirectory f) user user
]
where
desc = user ++ " has autorized_keys line " ++ l
-- | Makes the ssh server listen on a given port, in addition to any other
-- ports it is configured to listen on.
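Review bot: In authorizedKey, `File.mode f (combineModes [ownerWriteMode, ownerReadMode])` is still attached with `onChange` to the `File.containsLine` property, so the owner-only mode is applied only on a run that actually adds the line, whereas the new `File.ownerGroup` entries are checked on every run. An authorized_keys file that already contains the line but carries looser permissions would be handed to the user without being tightened; listing the mode as its own entry after the containsLine one, `, File.mode f (combineModes [ownerWriteMode, ownerReadMode])`, would make it converge the same way ownership now does. Neither hunk sets a mode on `takeDirectory f`, so the .ssh directory keeps whatever mode `File.dirExists` (or an earlier run) gave it, and it may be worth pinning that to owner-only as well. Since the directory becomes user-owned and this property presumably runs as root, it is also worth confirming that the File helpers do not follow a symlink at `f` when writing or changing ownership. The knownHost body starts outside its hunk, so the same questions there could not be checked from this page.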