From c7d95293ddf0d12d9554ad8ea2367e605fb66f67 Mon Sep 17 00:00:00 2001
From: Sitaram Chamarty
Date: Tue, 31 May 2011 21:54:18 +0530
Subject: [PATCH] revert part of 9ad7ea4 Fix a problem with authkeys perms when REPO_UMASK is too loose. (To duplicate it, run a fresh, non-root install, and when gl-setup pops up an editor, change the REPO_UMASK to 0007 (from the default 0077). You'll find that ~/.ssh/authorized_keys now has g+w set, causing sshd to refuse key-based access.) And before you ask, even though gl-setup does it, I won't fiddle with the permissions of an existing file in *this* code. (gl-setup is run manually by the admin, this one gets run on every push). ---- Side note: 9ad7ea4 was somewhat forced on me, and I didn't really agree with parts of it. I have no idea why I gave in so easily, but it won't happen again!
---
 src/gitolite.pm | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/gitolite.pm b/src/gitolite.pm
index 050384e..885372c 100644
--- a/src/gitolite.pm
+++ b/src/gitolite.pm
@@ -996,10 +996,11 @@ sub setup_authkeys
 print $newkeys_fh "# gitolite end\n";
 close $newkeys_fh or die "$ABRT close newkeys failed: $!\n";
- # all done; overwrite the file
- wrap_print("$ENV{HOME}/.ssh/old_authkeys", slurp("$ENV{HOME}/.ssh/authorized_keys"));
- wrap_print("$ENV{HOME}/.ssh/authorized_keys", slurp("$ENV{HOME}/.ssh/new_authkeys"));
- unlink "$ENV{HOME}/.ssh/new_authkeys";
+ # all done; overwrite the file (use cat to avoid perm changes)
+ system("cat $ENV{HOME}/.ssh/authorized_keys > $ENV{HOME}/.ssh/old_authkeys");
+ system("cat $ENV{HOME}/.ssh/new_authkeys > $ENV{HOME}/.ssh/authorized_keys")
+ and die "couldn't write authkeys file\n";
+ system("rm $ENV{HOME}/.ssh/new_authkeys");
 }
 # ----------------------------------------------------------------------------
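Review bot: The three added `system("...")` calls each hand one interpolated string to the shell, so a `$ENV{HOME}` containing whitespace or shell metacharacters is word-split or interpreted on every push. List form avoids the shell, and `cp` onto an existing file also leaves that file's mode alone, e.g. `system("cp", "$ENV{HOME}/.ssh/new_authkeys", "$ENV{HOME}/.ssh/authorized_keys") and die "couldn't write authkeys file\n";`. Only the second call is checked, so a failed backup to old_authkeys goes unnoticed before authorized_keys is overwritten; the first call deserves the same `and die`. The final `system("rm ...")` can go back to the removed `unlink "$ENV{HOME}/.ssh/new_authkeys";`, which needs neither a shell nor a child process. setup_authkeys begins outside the hunk, so whether HOME is validated earlier is not visible here.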