revert part of 9ad7ea4
Fix a problem with authkeys perms when REPO_UMASK is too loose.
(To duplicate it, run a fresh, non-root install, and when gl-setup pops
up an editor, change the REPO_UMASK to 0007 (from the default 0077).
You'll find that ~/.ssh/authorized_keys now has g+w set, causing sshd to
refuse key-based access.)
And before you ask, even though gl-setup does it, I won't fiddle with
the permissions of an existing file in *this* code. (gl-setup is run
manually by the admin, this one gets run on every push).
----
Side note: 9ad7ea4
was somewhat forced on me, and I didn't really agree
with parts of it. I have no idea why I gave in so easily, but it won't
happen again!
This commit is contained in:
parent
f8812b7822
commit
c7d95293dd
|
@ -996,10 +996,11 @@ sub setup_authkeys
|
||||||
print $newkeys_fh "# gitolite end\n";
|
print $newkeys_fh "# gitolite end\n";
|
||||||
close $newkeys_fh or die "$ABRT close newkeys failed: $!\n";
|
close $newkeys_fh or die "$ABRT close newkeys failed: $!\n";
|
||||||
|
|
||||||
# all done; overwrite the file
|
# all done; overwrite the file (use cat to avoid perm changes)
|
||||||
wrap_print("$ENV{HOME}/.ssh/old_authkeys", slurp("$ENV{HOME}/.ssh/authorized_keys"));
|
system("cat $ENV{HOME}/.ssh/authorized_keys > $ENV{HOME}/.ssh/old_authkeys");
|
||||||
wrap_print("$ENV{HOME}/.ssh/authorized_keys", slurp("$ENV{HOME}/.ssh/new_authkeys"));
|
system("cat $ENV{HOME}/.ssh/new_authkeys > $ENV{HOME}/.ssh/authorized_keys")
|
||||||
unlink "$ENV{HOME}/.ssh/new_authkeys";
|
and die "couldn't write authkeys file\n";
|
||||||
|
system("rm $ENV{HOME}/.ssh/new_authkeys");
|
||||||
}
|
}
|
||||||
|
|
||||||
# ----------------------------------------------------------------------------
|
# ----------------------------------------------------------------------------
|
||||||
|
|
Loading…
Reference in a new issue