From cf688362c5b3f6efee011f57b51e4e32a03fcd93 Mon Sep 17 00:00:00 2001
From: Colin Guthrie
Date: Fri, 6 Feb 2015 08:04:35 +0000
Subject: openssh: Ensure ownership is set correctly on authorized_keys
This was highlighted by a problem encountered by Nicolas Salguero. Many thanks for your patience.
---
 modules/openssh/templates/ldap-sshkey2file.py | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'modules/openssh/templates/ldap-sshkey2file.py')
diff --git a/modules/openssh/templates/ldap-sshkey2file.py b/modules/openssh/templates/ldap-sshkey2file.py
index 1c474038..475030ec 100755
--- a/modules/openssh/templates/ldap-sshkey2file.py
+++ b/modules/openssh/templates/ldap-sshkey2file.py
@@ -90,6 +90,11 @@ def write_keys(keys, user, uid, gid):
 os.chmod(tmpname, 0600)
 os.chown(tmpname, uid, gid)
 shutil.move(tmpname, keyfile)
+ # Hmm, aparently shutil.move does not preserve user/group so lets reapply
+ # them. I still like doing it before as this should be more "automic"
+ # if it actually worked, so it's "good practice", even if shutil.move sucks
+ os.chown(keyfile, uid, gid)
+ os.chmod(keyfile, 0600)
 return True
 return False
--
cgit v1.2.1
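Review bot: The re-applied `os.chown(keyfile, uid, gid)` after `shutil.move` acts on the final path and follows symlinks, so if the directory holding keyfile is writable by the target user (not visible here), ownership could be changed on whatever that path points to at that moment; `os.lchown(keyfile, uid, gid)` would not follow a link. Ownership is most likely lost because tmpname sits on a different filesystem, where shutil.move falls back to copy-and-delete and the copy is created as the calling user. Creating the temp file next to the destination, e.g. `tempfile.mkstemp(dir=os.path.dirname(keyfile))`, would make the move a plain rename that keeps owner and mode and is atomic, so the second chown/chmod would no longer be needed. tmpname's creation and the rest of write_keys lie outside the hunk, so confirm how the temp file is made; the added comment could then state that cause instead of `shutil.move sucks`.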