X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fshare%2Fma%2Fsetup;h=e77afff4299795c7a442bccf43e74dea1f2884e3;hb=d41fe28eb49e42d7773a223a43fd108913410c99;hp=248406fa2ee11fefc58b529fdd6e9f526a965ea8;hpb=a7d9d68be60e5d46c016806a47227cd2f2e5a6c7;p=monkeysphere.git diff --git a/src/share/ma/setup b/src/share/ma/setup index 248406f..e77afff 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -13,12 +13,17 @@ setup() { # make all needed directories + log debug "checking authentication directory structure..." mkdir -p "${MADATADIR}" + chmod 0750 "${MADATADIR}" + chgrp "$MONKEYSPHERE_USER" "${MADATADIR}" mkdir -p "${MATMPDIR}" + chmod 0750 "${MATMPDIR}" + chgrp "$MONKEYSPHERE_USER" "${MATMPDIR}" mkdir -p "${GNUPGHOME_CORE}" - chmod 700 "${GNUPGHOME_CORE}" + chmod 0700 "${GNUPGHOME_CORE}" mkdir -p "${GNUPGHOME_SPHERE}" - chmod 700 "${GNUPGHOME_SPHERE}" + chmod 0700 "${GNUPGHOME_SPHERE}" mkdir -p "${SYSDATADIR}"/authorized_keys # deliberately replace the config files via truncation @@ -29,7 +34,6 @@ setup() { # This file is maintained by the Monkeysphere software. # Edits will be overwritten. no-greeting -list-options show-uid-validity EOF log debug "writing sphere gpg.conf..." @@ -43,9 +47,8 @@ EOF # make sure the monkeysphere user owns everything in the sphere # gnupghome - log debuf "fixing sphere gnupg home ownership..." - chown -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" - chgrp -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" + log debug "fixing sphere gnupg home ownership..." + chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" "${GNUPGHOME_SPHERE}"/gpg.conf # get fingerprint of core key. this should be empty on unconfigured systems. local CORE_FPR=$(core_fingerprint) @@ -80,7 +83,7 @@ EOF # ensure that the authentication sphere checker has absolute ownertrust on the expected key. log debug "setting ultimate owner trust on core key in gpg_sphere..." printf "%s:6:\n" "$CORE_FPR" | gpg_sphere "--import-ownertrust" - gpg_sphere "--export-ownertrust" + gpg_sphere "--export-ownertrust" 2>&1 | log debug # check the owner trust log debug "checking gpg_sphere owner trust set properly..."