authorized_keys files appear to need to be readable by the user logging in.
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Mon, 23 Jun 2008 23:09:25 +0000 (19:09 -0400)
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Mon, 23 Jun 2008 23:09:25 +0000 (19:09 -0400)
src/monkeysphere-server

index 11e593b347c567b926e231159c4dacb2e3da7277..35e0096e38be4f9f38a2d32d902a654055c6c345 100755 (executable)
@@ -231,6 +231,13 @@ case $COMMAND in
                fi
            fi
 
+            # openssh appears to check the contents of the
+            # authorized_keys file as the user in question, so the file
+            # must be readable by that user at least.
+            # FIXME: is there a better way to do this?
+            chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS"
+            chmod g+r "$AUTHORIZED_KEYS"
+
            # move the temp authorized_keys file into place
            mv -f "$AUTHORIZED_KEYS" "${CACHE}/authorized_keys/${uname}"
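Review bot: The `chgrp` line uses an unquoted, unchecked command substitution. If `getent passwd "$uname"` returns no entry, `chgrp` receives the file path as its only operand and fails, yet `chmod g+r` and the `mv` still run, so the file is installed group-readable by whatever group the temp file already had. Resolve the group first and make the later steps depend on it, e.g. `gid=$(id -g "$uname")` with a check on its exit status, then `chgrp "$gid" "$AUTHORIZED_KEYS" && chmod g+r "$AUTHORIZED_KEYS"`. Whether to skip this user or abort on failure depends on the enclosing `case` branch, which starts and ends outside the hunk. The FIXME comment could also record that a primary group shared with other accounts lets those accounts read the key list, and that the file should stay owned by the server account and never become group-writable.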