local nHostsBAD
local fileCheck
local host
+ local newUmask
# the number of hosts specified on command line
nHosts="$#"
# touch the known_hosts file so that the file permission check
# below won't fail upon not finding the file
if [ ! -f "$KNOWN_HOSTS" ]; then
- [ -d $(dirname "$KNOWN_HOSTS") ] || mkdir -m 0700 $(dirname "$KNOWN_HOSTS")
- touch "$KNOWN_HOSTS"
+ # make sure to create any files or directories with the appropriate write bits turned off:
+ newUmask=$(printf "%04o" $(( 0$(umask) | 0022 )) )
+ [ -d $(dirname "$KNOWN_HOSTS") ] \
+ || (umask "$newUmask" && mkdir -p -m 0700 $(dirname "$KNOWN_HOSTS") ) \
+ || failure "Could not create path to known_hosts file '$KNOWN_HOSTS'"
+ # make sure to create this file with the appropriate bits turned off:
+ (umask "$newUmask" && touch "$KNOWN_HOSTS") \
+ || failure "Unable to create known_hosts file '$KNOWN_HOSTS'"
fi
# check permissions on the known_hosts file path
- check_key_file_permissions $(whoami) "$KNOWN_HOSTS" || failure
+ check_key_file_permissions $(whoami) "$KNOWN_HOSTS" \
+ || failure "Bad permissions governing known_hosts file '$KNOWN_HOSTS'"
# create a lockfile on known_hosts:
lock create "$KNOWN_HOSTS"
trap "lock remove $KNOWN_HOSTS" EXIT
# note pre update file checksum
- fileCheck="$(file_hash "$KNOWN_HOSTS")"
+ fileCheck=$(file_hash "$KNOWN_HOSTS")
for host ; do
# process the host