summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoey Hess2019-02-13 17:48:01 -0400
committerJoey Hess2019-02-13 17:48:01 -0400
commit39c1255cbcc10a65b6ad106bd5afd59eab2c5724 (patch)
tree82281509b3ceebea109d7c1496da7061b4005d56
parent8d3344513169738dcce37cdebd756976b153f193 (diff)
parentcd5da69f58cd2f34a8337d69afff1d4a0b96690f (diff)
Merge branch 'master' of ssh://propellor.branchable.com
-rw-r--r--doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__.mdwn23
-rw-r--r--doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_1_609a113d809294c792d406ba72b0a1f2._comment36
2 files changed, 59 insertions, 0 deletions
diff --git a/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__.mdwn b/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__.mdwn
new file mode 100644
index 00000000..9b684ca3
--- /dev/null
+++ b/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__.mdwn
@@ -0,0 +1,23 @@
+Hello Joey
+
+I try to use
+
+ Ssh.authorizedKey (User "com-sixs") sshKeyPubComSixs
+
+on a system where the account are available in a ldap.
+On this system the group is different from the user name
+name -> grp-name
+
+So I end up with this error message
+
+ chown: invalid group: ‘com-sixs:com-sixs’
+ sixs3.exp.synchrotron-soleil.fr com-sixs has authorized_keys ... failed
+
+so my questions are.
+
+- Is it mandatory to have a user and the identical group on a unix system ?
+- Can we add a Group parameter to the authorizedKey property ?
+
+thanks for your help
+
+Fred
diff --git a/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_1_609a113d809294c792d406ba72b0a1f2._comment b/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_1_609a113d809294c792d406ba72b0a1f2._comment
new file mode 100644
index 00000000..2014af74
--- /dev/null
+++ b/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_1_609a113d809294c792d406ba72b0a1f2._comment
@@ -0,0 +1,36 @@
+[[!comment format=mdwn
+ username="picca"
+ avatar="http://cdn.libravatar.org/avatar/7e61c80d28018b10d31f6db7dddb864c"
+ subject="comment 1"
+ date="2019-02-13T11:33:20Z"
+ content="""
+something like this
+
+ -- | Ensures that a user's authorized_keys contains a line.
+ -- Any other lines in the file are preserved as-is.
+ authorizedKey' :: User -> Group -> String -> RevertableProperty UnixLike UnixLike
+ authorizedKey' user@(User u) grp l = add <!> remove
+ where
+ add = property' (u ++ \" has authorized_keys\") $ \w -> do
+ f <- liftIO $ dotFile \"authorized_keys\" user
+ ensureProperty w $ modAuthorizedKey' f user grp $
+ f `File.containsLine` l
+ `requires` File.dirExists (takeDirectory f)
+ remove = property' (u ++ \" lacks authorized_keys\") $ \w -> do
+ f <- liftIO $ dotFile \"authorized_keys\" user
+ ifM (liftIO $ doesFileExist f)
+ ( ensureProperty w $ modAuthorizedKey' f user grp $
+ f `File.lacksLine` l
+ , return NoChange
+ )
+
+ modAuthorizedKey' :: FilePath -> User -> Group -> Property UnixLike -> Property UnixLike
+ modAuthorizedKey' f user grp p = p
+ `before` File.mode f (combineModes [ownerWriteMode, ownerReadMode])
+ `before` File.ownerGroup f user grp
+ `before` File.ownerGroup (takeDirectory f) user grp
+
+then it is trivial to rewrite the previous properties :)
+
+but I do no know if this is the right path to follow.
+"""]]