From 56dd4ff4d8c77293e8e703f91fc8ac5ef96d55e9 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sun, 13 Apr 2014 17:16:31 -0400
Subject: propellor spin

---
 Propellor/Property/Ssh.hs | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

(limited to 'Propellor/Property')

diff --git a/Propellor/Property/Ssh.hs b/Propellor/Property/Ssh.hs
index 6bfe1261..b13a12bf 100644
--- a/Propellor/Property/Ssh.hs
+++ b/Propellor/Property/Ssh.hs
@@ -107,8 +107,12 @@ keyImported keytype user = combineProperties desc
 f <- liftIO $ keyfile ext
 ifM (liftIO $ doesFileExist f)
 ( noChange
- , withPrivData p $ \key -> makeChange $
- writer f key
+ , ensureProperty $ combineProperties desc
+ [ Property desc $
+ withPrivData p $ \key -> makeChange $
+ writer f key
+ , File.ownerGroup f user user
+ ]
 )
 keyfile ext = do
 home <- homeDirectory <$> getUserEntryForName user
@@ -130,6 +134,7 @@ knownHost hosts hn user = Property desc $
 ensureProperty $ combineProperties desc
 [ File.dirExists (takeDirectory f)
 , f `File.containsLine` (hn ++ " " ++ k)
+ , File.ownerGroup f user user
 ]
 go _ = do
 warningMessage $ "no configred sshPubKey for " ++ hn
@@ -138,8 +143,9 @@ knownHost hosts hn user = Property desc $
 -- | Makes a user have authorized_keys from the PrivData
 authorizedKeys :: UserName -> Property
 authorizedKeys user = Property (user ++ " has authorized_keys") $
- withPrivData (SshAuthorizedKeys user) $ \v -> liftIO $ do
+ withPrivData (SshAuthorizedKeys user) $ \v -> do
 f <- liftIO $ dotFile "authorized_keys" user
- createDirectoryIfMissing True (takeDirectory f)
- writeFileProtected f v
- return NoChange
+ liftIO $ do
+ createDirectoryIfMissing True (takeDirectory f)
+ writeFileProtected f v
+ ensureProperty $ File.ownerGroup f user user
--
cgit v1.2.3
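Review bot: In the `keyImported` hunk the new `File.ownerGroup f user user` sits inside the second branch of the `ifM`, so it only runs when the key file was missing. When `doesFileExist f` is true the property still returns `noChange`, so a key file left with the wrong owner by an earlier run is never corrected. Consider ensuring ownership on every run, for example by combining the conditional write and `File.ownerGroup f user user` as two properties rather than nesting the second inside the write branch. The helper that binds `f` starts above this hunk, so the exact restructuring depends on code not shown here.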
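Review bot: In the `knownHost` hunk only the file is handed to the user; the parent directory ensured by `File.dirExists (takeDirectory f)` is not passed to `File.ownerGroup`, so a directory that propellor had to create presumably keeps the owner of the propellor process. Adding `, File.ownerGroup (takeDirectory f) user user` right after the `dirExists` entry would cover it. The same gap appears in `authorizedKeys` in the last hunk, where `createDirectoryIfMissing True (takeDirectory f)` has no matching ownership step.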
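Review bot: `authorizedKeys` now writes `f` and then changes its owner on every run, and both steps act on a path inside a directory the target user is meant to control. If propellor runs with more privilege than that user (the need for `File.ownerGroup` suggests it does), a symbolic link already present at that path would decide which file gets written and re-owned, unless `writeFileProtected` and `File.ownerGroup` refuse to follow links; neither implementation is visible here. It is worth recording that assumption next to the write, e.g. `-- NOTE: f is in a user-writable directory; writeFileProtected and File.ownerGroup must not follow symlinks`, or checking that `f` is a regular file before touching it. The same consideration applies to the `keyImported` and `knownHost` hunks.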