usage() {
cat <<EOF
usage: $PGRM <subcommand> [args]
-Monkeysphere server admin tool.
+MonkeySphere server admin tool.
subcommands:
update-users (s) [USER]... update users authorized_keys files
gen-key (g) generate gpg key for the server
publish-key (p) publish server key to keyserver
trust-keys (t) KEYID... mark keyids as trusted
- update-user-userids (u) USER UID... add/update userids for a user
+ update-user-userids (u) USER UID... add/update user IDs for a user
+ remove-user-userids (r) USER UID... remove user IDs for a user
help (h,?) this help
EOF
mkdir -p -m 0700 "$GNUPGHOME"
case $COMMAND in
- 'update-users'|'s')
+ 'update-users'|'update-user'|'s')
if [ "$1" ] ; then
unames="$@"
else
log "----- user: $uname -----"
+ # set variables for the user
AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname"
msAuthorizedKeys="$CACHE"/"$uname"/authorized_keys
cacheDir="$CACHE"/"$uname"/user_keys
- # make sure authorized_user_ids file exists
+ # make sure user's authorized_user_ids file exists
+ touch "$AUTHORIZED_USER_IDS"
+
+ # skip if the user's authorized_user_ids file is empty
if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
- log "authorized_user_ids file for '$uname' is empty or does not exist."
+ log "authorized_user_ids file for '$uname' is empty."
continue
fi
publish_server_key
;;
- 'trust-keys'|'t')
+ 'trust-keys'|'trust-key'|'t')
if [ -z "$1" ] ; then
failure "you must specify at least one key to trust."
fi
+
+ # process key IDs
for keyID ; do
trust_key "$keyID"
done
;;
- 'update-user-userids'|'u')
+ 'update-user-userids'|'update-user-userid'|'u')
uname="$1"
shift
if [ -z "$uname" ] ; then
if [ -z "$1" ] ; then
failure "you must specify at least one userid."
fi
+
+ # set variables for the user
AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname"
cacheDir="$CACHE"/"$uname"/user_keys
+
+ # make sure user's authorized_user_ids file exists
+ touch "$AUTHORIZED_USER_IDS"
+
+ # process the user IDs
for userID ; do
update_userid "$userID" "$cacheDir"
done
+
+ log "run the following to update user's authorized_keys file:"
+ log "$PGRM update-users $uname"
+ ;;
+
+ 'remove-user-userids'|'remove-user-userid'|'r')
+ uname="$1"
+ shift
+ if [ -z "$uname" ] ; then
+ failure "you must specify user."
+ fi
+ if [ -z "$1" ] ; then
+ failure "you must specify at least one userid."
+ fi
+
+ # set variables for the user
+ AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname"
+
+ # make sure user's authorized_user_ids file exists
+ touch "$AUTHORIZED_USER_IDS"
+
+ # process the user IDs
+ for userID ; do
+ remove_userid "$userID"
+ done
+
+ log "run the following to update user's authorized_keys file:"
+ log "$PGRM update-users $uname"
;;
'help'|'h'|'?')