author | Colin Guthrie <colin@mageia.org> | 2015-01-18 12:50:51 +0000 |
---|---|---|
committer | Colin Guthrie <colin@mageia.org> | 2015-01-18 13:15:52 +0000 |
commit | d5148ffbb0514c37893002e4988c5f7f379586bf (patch) | |
tree | 3c5929601cee06e36ce73223e4d2b10725dfb43d | |
parent | ad1e131043f2f3d013378b138e4ec1819ff1ad66 (diff) | |
openssh: Only write authorized_keys file when it's different
This saves disk churn and will eventually allow us to take further
action when keys actually change.
-rwxr-xr-x | modules/openssh/templates/ldap-sshkey2file.py | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/modules/openssh/templates/ldap-sshkey2file.py b/modules/openssh/templates/ldap-sshkey2file.py
index 36e5658d..4a547b5e 100755
--- a/modules/openssh/templates/ldap-sshkey2file.py
+++ b/modules/openssh/templates/ldap-sshkey2file.py
@@ -66,14 +66,27 @@ def write_keys(keys, user, uid, gid):
 os.chmod("%s/%s/.ssh" % (keypathprefix,user), 0700)
 os.chown("%s/%s/.ssh" % (keypathprefix,user), uid, gid)
- (fd, tmpname) = tempfile.mkstemp('', 'ldap-sshkey2file-')
- for key in keys:
- os.write(fd, key.strip() + "\n")
- os.close(fd)
- os.chmod(tmpname, 0600)
- os.chown(tmpname, uid, gid)
 keyfile = "%s/%s/.ssh/authorized_keys" % (keypathprefix,user)
- shutil.move(tmpname, keyfile)
+
+ fromldap = ''
+ for key in keys:
+ fromldap += key.strip() + "\n"
+
+ fromfile = ''
+ try:
+ f = open(keyfile, 'r')
+ fromfile = f.read()
+ f.close()
+ except:
+ pass
+
+ if fromldap != fromfile:
+ (fd, tmpname) = tempfile.mkstemp('', 'ldap-sshkey2file-')
+ os.write(fd, fromldap);
+ f.close()
+ os.chmod(tmpname, 0600)
+ os.chown(tmpname, uid, gid)
+ shutil.move(tmpname, keyfile)
 if len(sys.argv) != 1:
|
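Review bot: In the new `if fromldap != fromfile:` branch the temp file is closed with `f.close()` rather than `os.close(fd)`, so the descriptor returned by `mkstemp` is leaked on every rewrite. Worse, when `authorized_keys` does not exist yet, the `open` fails and is swallowed, `f` is never bound, and the call raises before `os.chmod`/`os.chown`/`shutil.move`, so a new user's keys are not installed and a stray temp file is left behind. Change that line to `os.close(fd)` and narrow the bare `except:` to `except IOError:` so only a missing or unreadable file is treated as "no current keys". Skipping the rewrite when the content matches also means the `0600` mode and `uid`/`gid` ownership of an existing `authorized_keys` are no longer re-asserted on each run; an `os.chmod`/`os.chown` on `keyfile` outside the `if` would keep that guarantee. `write_keys` begins above this hunk, so the earlier part of the function is not visible here.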