From da77276378ecbed7d6434145793bfb209c731b76 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Thu, 12 Feb 2015 12:35:15 -0400
Subject: [PATCH] ssh user perm fixes

* Ssh.authorizedKey: Make the authorized_keys file and .ssh directory be owned by the user, not root.
* Ssh.knownHost: Make the .ssh directory be owned by the user, not root.
---
 config-joey.hs | 2 +-
 debian/changelog | 3 +++
 src/Propellor/Property/SiteSpecific/JoeySites.hs | 1 -
 src/Propellor/Property/Ssh.hs | 12 +++++++++---
 4 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/config-joey.hs b/config-joey.hs
index f5c593e..f87db43 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -127,7 +127,7 @@ orca = standardSystem "orca.kitenet.net" Unstable "amd64"
 -- with propellor.
 kite :: Host
 kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
- [ "Welcome to the new kitenet.net server!" ]
+ [ "Welcome to kite!" ]
 & ipv4 "66.228.36.95"
 & ipv6 "2600:3c03::f03c:91ff:fe73:b0d2"
 & alias "kitenet.net"
diff --git a/debian/changelog b/debian/changelog
index ff1cdf1..a8000c4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,9 @@ propellor (2.1.0) UNRELEASED; urgency=medium
 * New Cron.Times data type, which allows Cron.job to install
 daily/monthly/weekly jobs that anacron can run. (API change)
 * Fix Git.daemonRunning to restart inetd after enabling the git server.
+ * Ssh.authorizedKey: Make the authorized_keys file and .ssh directory
+ be owned by the user, not root.
+ * Ssh.knownHost: Make the .ssh directory be owned by the user, not root.
 
 -- Joey Hess Thu, 29 Jan 2015 01:41:07 -0400
 
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 3d453a8..9644cb7 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -330,7 +330,6 @@ twitRss = combineProperties "twitter rss" $ props
 ]
 
 -- Work around for expired ssl cert.
--- (no longer expired, TODO remove this and change urls)
 pumpRss :: Property NoInfo
 pumpRss = Cron.job "pump rss" (Cron.Times "15 * * * *") "joey" "/srv/web/tmp.kitenet.net/"
 "wget https://pump2rss.com/feed/joeyh@identi.ca.atom -O pump.atom --no-check-certificate 2>/dev/null"
diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs
index fe2794a..f44688c 100644
--- a/src/Propellor/Property/Ssh.hs
+++ b/src/Propellor/Property/Ssh.hs
@@ -207,6 +207,7 @@ knownHost hosts hn user = property desc $
 , f `File.containsLines` (map (\k -> hn ++ " " ++ k) (M.elems m))
 , File.ownerGroup f user user
+ , File.ownerGroup (takeDirectory f) user user
 ]
 go _ = do
 warningMessage $ "no configred pubKey for " ++ hn
@@ -230,12 +231,17 @@ authorizedKeys user context = withPrivData (SshAuthorizedKeys user) context $ \g
 -- | Ensures that a user's authorized_keys contains a line.
 -- Any other lines in the file are preserved as-is.
 authorizedKey :: UserName -> String -> Property NoInfo
-authorizedKey user l = property (user ++ " has autorized_keys line " ++ l) $ do
+authorizedKey user l = property desc $ do
 f <- liftIO $ dotFile "authorized_keys" user
- ensureProperty $
- f `File.containsLine` l
+ ensureProperty $ combineProperties desc
+ [ f `File.containsLine` l
 `requires` File.dirExists (takeDirectory f)
 `onChange` File.mode f (combineModes [ownerWriteMode, ownerReadMode])
+ , File.ownerGroup f user user
+ , File.ownerGroup (takeDirectory f) user user
+ ]
+ where
+ desc = user ++ " has autorized_keys line " ++ l
 
 -- | Makes the ssh server listen on a given port, in addition to any other
 -- ports it is configured to listen on.
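Review bot: The added `, File.ownerGroup (takeDirectory f) user user` passes the user name as the group as well, so it assumes a group named after the user exists (user-private groups); on a host where the account's primary group is named differently the property presumably fails instead of converging. The two new `File.ownerGroup` entries in the authorizedKey hunk below make the same assumption. Ownership is the only thing this entry constrains on the directory; its mode is left to whatever created it, and since sshd's StrictModes refuses to read keys under a group- or world-writable `~/.ssh`, an explicit `, File.mode (takeDirectory f) (combineModes [ownerReadMode, ownerWriteMode, ownerExecuteMode])` entry next to it would make the property converge on a usable directory (assuming `ownerExecuteMode` is in scope alongside `ownerWriteMode`). knownHost's body begins and ends outside this hunk.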
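Review bot: The `desc` binding in the new `where` clause carries over the misspelling `" has autorized_keys line "`, and since the commit now also passes it to `combineProperties desc` the typo is shown more often; `desc = user ++ " has authorized_keys line " ++ l` fixes it. The file mode is still applied only through `onChange`, so an authorized_keys that already exists with group- or world-write bits is chowned by the new `File.ownerGroup f user user` entry but its permissions are never corrected, and sshd's StrictModes would keep rejecting it; listing `, File.mode f (combineModes [ownerWriteMode, ownerReadMode])` as its own entry in the combineProperties list would make the mode converge on every run, provided File.mode behaves as a standalone idempotent property (not visible here).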