X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;ds=sidebyside;f=src%2Fmonkeysphere-server;h=e099a74a86fdbf7e1f59ea63230dfc30b0bc961e;hb=abedea11eca1cf2294196cb6cd39d40f4877f7d4;hp=11e593b347c567b926e231159c4dacb2e3da7277;hpb=438d1fa8881a1f8359b5e91932bf42addefbffca;p=monkeysphere.git

diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 11e593b..e099a74 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -34,7 +34,7 @@ usage: $PGRM <subcommand> [args]
 MonkeySphere server admin tool.
 
 subcommands:
-  update-users (s) [USER]...            update users authorized_keys files
+  update-users (u) [USER]...            update users authorized_keys files
   gen-key (g) [HOSTNAME]                generate gpg key for the server
   show-fingerprint (f)                  show server's host key fingerprint
   publish-key (p)                       publish server's host key to keyserver
@@ -231,6 +231,13 @@ case $COMMAND in
 		fi
 	    fi
 
+            # openssh appears to check the contents of the
+            # authorized_keys file as the user in question, so the file
+            # must be readable by that user at least.
+            # FIXME: is there a better way to do this?
+            chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS"
+            chmod g+r "$AUTHORIZED_KEYS"
+
 	    # move the temp authorized_keys file into place
 	    mv -f "$AUTHORIZED_KEYS" "${CACHE}/authorized_keys/${uname}"