Merge commit 'jrollins/master'

[monkeysphere.git] / src / monkeysphere-server

diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 11e593b347c567b926e231159c4dacb2e3da7277..369555cd64387aebc4e18c7a0abcafd926b214d8 100755 (executable)
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -21,7 +21,7 @@ DATE=$(date -u '+%FT%T')
 # unset some environment variables that could screw things up
 GREP_OPTIONS=
 
-# assuming other problems don't crop up, we'll return 0 as success
+# default return code
 ERR=0
 
 ########################################################################
@@ -34,7 +34,7 @@ usage: $PGRM <subcommand> [args]
 MonkeySphere server admin tool.
 
 subcommands:
-  update-users (s) [USER]...            update users authorized_keys files
+  update-users (u) [USER]...            update users authorized_keys files
   gen-key (g) [HOSTNAME]                generate gpg key for the server
   show-fingerprint (f)                  show server's host key fingerprint
   publish-key (p)                       publish server's host key to keyserver
@@ -231,6 +231,13 @@ case $COMMAND in
                fi
            fi
 
+            # openssh appears to check the contents of the
+            # authorized_keys file as the user in question, so the file
+            # must be readable by that user at least.
+            # FIXME: is there a better way to do this?
+            chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS"
+            chmod g+r "$AUTHORIZED_KEYS"
+
            # move the temp authorized_keys file into place
            mv -f "$AUTHORIZED_KEYS" "${CACHE}/authorized_keys/${uname}"