shoring up known_hosts creation with proper umask and with multi-level directory...

[monkeysphere.git] / src / share / common

diff --git a/src/share/common b/src/share/common
index c10e71b5c3f87485ef9e64966db50a3af8948a8d..27e088a77e6ab55b85ac181dc6f36e82eef7eef1 100644 (file)
--- a/src/share/common
+++ b/src/share/common
@@ -887,6 +887,7 @@ update_known_hosts() {
     local nHostsBAD
     local fileCheck
     local host
+    local newUmask
 
     # the number of hosts specified on command line
     nHosts="$#"
@@ -897,12 +898,15 @@ update_known_hosts() {
     # touch the known_hosts file so that the file permission check
     # below won't fail upon not finding the file
     if [ ! -f "$KNOWN_HOSTS" ]; then
-       [ -d $(dirname "$KNOWN_HOSTS") ] || mkdir -m 0700 $(dirname "$KNOWN_HOSTS")
-       touch "$KNOWN_HOSTS"
+       # make sure to create any files or directories with the appropriate write bits turned off:
+       newUmask=$(printf "%04o" $(( 0$(umask) | 0022 ))
+       [ -d $(dirname "$KNOWN_HOSTS") ] || (umask "$newUmask" && mkdir -p -m 0700 $(dirname "$KNOWN_HOSTS") ) || failure "Could not create path to known_hosts file '$KNOWN_HOSTS'"
+       # make sure to create this file with the appropriate bits turned off:
+       (umask "$newUmask" && touch "$KNOWN_HOSTS") || failure "Unable to create known_hosts file '$KNOWN_HOSTS'"
     fi
 
     # check permissions on the known_hosts file path
-    check_key_file_permissions $(whoami) "$KNOWN_HOSTS" || failure
+    check_key_file_permissions $(whoami) "$KNOWN_HOSTS" || failure "Bad permissions governing known_hosts file '$KNOWN_HOSTS'"
 
     # create a lockfile on known_hosts:
     lock create "$KNOWN_HOSTS"