From e9c3aab890fa5c0a90e9d6cf85d18e014581aee9 Mon Sep 17 00:00:00 2001
From: picca
Date: Wed, 13 Feb 2019 11:12:21 +0000
Subject:
---
...d_group:___8216__com-sixs:com-sixs__8217__.mdwn | 23 ++++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__.mdwn
diff --git a/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__.mdwn b/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__.mdwn
new file mode 100644
index 00000000..9b684ca3
--- /dev/null
+++ b/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__.mdwn
@@ -0,0 +1,23 @@
+Hello Joey
+
+I try to use
+
+ Ssh.authorizedKey (User "com-sixs") sshKeyPubComSixs
+
+on a system where the account are available in a ldap.
+On this system the group is different from the user name
+name -> grp-name
+
+So I end up with this error message
+
+ chown: invalid group: ‘com-sixs:com-sixs’
+ sixs3.exp.synchrotron-soleil.fr com-sixs has authorized_keys ... failed
+
+so my questions are.
+
+- Is it mandatory to have a user and the identical group on a unix system ?
+- Can we add a Group parameter to the authorizedKey property ?
+
+thanks for your help
+
+Fred
-- cgit v1.2.3
From cd5da69f58cd2f34a8337d69afff1d4a0b96690f Mon Sep 17 00:00:00 2001
From: picca
Date: Wed, 13 Feb 2019 11:33:20 +0000
Subject: Added a comment
---
...ent_1_609a113d809294c792d406ba72b0a1f2._comment | 36 ++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100644 doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_1_609a113d809294c792d406ba72b0a1f2._comment
diff --git a/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_1_609a113d809294c792d406ba72b0a1f2._comment b/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_1_609a113d809294c792d406ba72b0a1f2._comment
new file mode 100644
index 00000000..2014af74
--- /dev/null
+++ b/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_1_609a113d809294c792d406ba72b0a1f2._comment
@@ -0,0 +1,36 @@
+[[!comment format=mdwn
+ username="picca"
+ avatar="http://cdn.libravatar.org/avatar/7e61c80d28018b10d31f6db7dddb864c"
+ subject="comment 1"
+ date="2019-02-13T11:33:20Z"
+ content="""
+something like this
+
+ -- | Ensures that a user's authorized_keys contains a line.
+ -- Any other lines in the file are preserved as-is.
+ authorizedKey' :: User -> Group -> String -> RevertableProperty UnixLike UnixLike
+ authorizedKey' user@(User u) grp l = add remove
+ where
+ add = property' (u ++ \" has authorized_keys\") $ \w -> do
+ f <- liftIO $ dotFile \"authorized_keys\" user
+ ensureProperty w $ modAuthorizedKey' f user grp $
+ f `File.containsLine` l
+ `requires` File.dirExists (takeDirectory f)
+ remove = property' (u ++ \" lacks authorized_keys\") $ \w -> do
+ f <- liftIO $ dotFile \"authorized_keys\" user
+ ifM (liftIO $ doesFileExist f)
+ ( ensureProperty w $ modAuthorizedKey' f user grp $
+ f `File.lacksLine` l
+ , return NoChange
+ )
+
+ modAuthorizedKey' :: FilePath -> User -> Group -> Property UnixLike -> Property UnixLike
+ modAuthorizedKey' f user grp p = p
+ `before` File.mode f (combineModes [ownerWriteMode, ownerReadMode])
+ `before` File.ownerGroup f user grp
+ `before` File.ownerGroup (takeDirectory f) user grp
+
+then it is trivial to rewrite the previous properties :)
+
+but I do no know if this is the right path to follow.
+"""]]
-- cgit v1.2.3