SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
export SYSDATADIR
+# monkeysphere temp directory, in sysdatadir to enable atomic moves of
+# authorized_keys files
+MSTMPDIR="${SYSDATADIR}/tmp"
+export MSTMPDIR
+
# UTC date in ISO 8601 format if needed
DATE=$(date -u '+%FT%T')
log verbose "----- user: $uname -----"
# make temporary directory
- TMPLOC=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
+ TMPLOC=$(mktemp -d ${MSTMPDIR}/tmp.XXXXXXXXXX)
# trap to delete temporary directory on exit
trap "rm -rf $TMPLOC" EXIT
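Review bot: The new `TMPLOC=$(mktemp -d ${MSTMPDIR}/tmp.XXXXXXXXXX)` has no failure check and `${MSTMPDIR}` is unquoted; nothing in this hunk creates `${SYSDATADIR}/tmp`, so if it is missing or not writable `TMPLOC` is empty, the next line installs `trap "rm -rf " EXIT` with no path, and the script carries on as if it had a scratch directory. Suggest `TMPLOC=$(mktemp -d "${MSTMPDIR}/tmp.XXXXXXXXXX") || failure "could not create temporary directory in ${MSTMPDIR}"` (using whatever error helper this file already has) and `trap 'rm -rf -- "$TMPLOC"' EXIT`. Moving scratch space out of a sticky `/tmp` into the sysdata tree also means wherever `${MSTMPDIR}` is created it should be owned by the running user with mode 0700, otherwise another local account could pre-create or symlink entries under it ahead of the atomic move this change is meant to enable. The surrounding function starts and ends outside this hunk.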
# authorized_keys file as the user in question, so the
# file must be readable by that user at least.
# FIXME: is there a better way to do this?
- chown root "$AUTHORIZED_KEYS"
+ chown $(whoami) "$AUTHORIZED_KEYS"
chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS"
chmod g+r "$AUTHORIZED_KEYS"
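Review bot: `chown $(whoami) "$AUTHORIZED_KEYS"` makes the invoking user, not root, the owner; if this script is ever run as a non-root service account, sshd with StrictModes (the default) only accepts an authorized_keys file owned by root or by the target user, so the file would be silently ignored at login despite the `chmod g+r` below. Worth a comment stating that assumption, or a check that the effective user is root or `$uname` before relying on ownership, e.g. `# sshd StrictModes: file must be owned by root or $uname`. The substitution should also be quoted and `id -un` is the portable spelling: `chown "$(id -un)" "$AUTHORIZED_KEYS"`. Nothing in the hunk checks the exit status of the chown/chgrp/chmod lines (an unknown `$uname` leaves `getent` empty and `chgrp` failing), so a `|| failure` on each would surface a mis-permissioned file instead of leaving it in place. The enclosing function continues outside this hunk.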