explicitly set MONKEYSPHERE_GROUP

The monkeysphere group is now determined from the system "groups"
command, and then MONKEYSPHERE_GROUP is explicitly set from this, and
then used when setting group ownership.

diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index 5b981537db831c2c26f280662b8f61b5ff594ee5..0e6f986fc1d23a3a3809c79112483015d54e3285 100755 (executable)
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -120,6 +120,7 @@ LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL}
 KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER}
 CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
 MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER}
+MONKEYSPHERE_GROUP=$(groups "$MONKEYSPHERE_USER" | cut -d: -f2 | awk '{ print $1 }')
 PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT}
 AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=$AUTHORIZED_USER_IDS}
 RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=$RAW_AUTHORIZED_KEYS}
@@ -137,6 +138,7 @@ export MODE
 export LOG_LEVEL
 export KEYSERVER
 export MONKEYSPHERE_USER
+export MONKEYSPHERE_GROUP
 export PROMPT
 export CHECK_KEYSERVER
 export REQUIRED_USER_KEY_CAPABILITY

diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index 507b47f8f73eabfd6a62e7d9feaf4d53d12bca84..60b627a63d631cc82f81081edae506b581c6bb18 100755 (executable)
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -226,6 +226,7 @@ LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL}
 KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER}
 CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
 MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER}
+MONKEYSPHERE_GROUP=$(groups "$MONKEYSPHERE_USER" | cut -d: -f2 | awk '{ print $1 }')
 PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT}
 
 # other variables
@@ -238,6 +239,7 @@ export LOG_LEVEL
 export KEYSERVER
 export CHECK_KEYSERVER
 export MONKEYSPHERE_USER
+export MONKEYSPHERE_GROUP
 export PROMPT
 export GNUPGHOME_HOST
 export GNUPGHOME

diff --git a/src/share/ma/setup b/src/share/ma/setup
index 4c87009dc9235b7de4231d582da221f1472663ee..0ed0406c3335d924f98044ecd22cf237bba5a428 100644 (file)
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -16,10 +16,10 @@ setup() {
     log debug "checking authentication directory structure..."
     mkdir -p "${MADATADIR}"
     chmod 0750 "${MADATADIR}"
-    chgrp "$MONKEYSPHERE_USER" "${MADATADIR}"
+    chgrp "$MONKEYSPHERE_GROUP" "${MADATADIR}"
     mkdir -p "${MATMPDIR}"
     chmod 0750 "${MATMPDIR}"
-    chgrp "$MONKEYSPHERE_USER" "${MATMPDIR}"
+    chgrp "$MONKEYSPHERE_GROUP" "${MATMPDIR}"
     mkdir -p "${GNUPGHOME_CORE}"
     chmod 0700 "${GNUPGHOME_CORE}"
     mkdir -p "${GNUPGHOME_SPHERE}"
@@ -48,7 +48,7 @@ EOF
     # make sure the monkeysphere user owns everything in the sphere
     # gnupghome
     log debug "fixing sphere gnupg home ownership..."
-    chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" "${GNUPGHOME_SPHERE}"/gpg.conf
+    chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_GROUP" "${GNUPGHOME_SPHERE}" "${GNUPGHOME_SPHERE}"/gpg.conf
 
     # get fingerprint of core key.  this should be empty on unconfigured systems.
     local CORE_FPR=$(core_fingerprint)

diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker
index 077b0d06b4409732f1c31febcf38b9b5e0e48333..c83cb24e3cff294a1ca8e3594b27332c63f7bbd3 100644 (file)
--- a/src/share/mh/add_revoker
+++ b/src/share/mh/add_revoker
@@ -64,7 +64,7 @@ else
     # fix permissions and ownership on temporary directory which will
     # be used by monkeysphere user for storing the downloaded key
     chmod 0700 "$tmpDir"
-    chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$tmpDir"
+    chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$tmpDir"
 
     # download the key from the keyserver as the monkeysphere user
     log verbose "searching keyserver $KEYSERVER for keyID $keyID..."

diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key
index b0ffd93b96ae124f4717b85e2256e88c67d6187a..ab1b2dc055d3dfbafc01b5dd6d4ec2ef4e2f795e 100644 (file)
--- a/src/share/mh/publish_key
+++ b/src/share/mh/publish_key
@@ -29,7 +29,7 @@ fi
 # create a temporary gnupg directory from which to publish the key
 export GNUPGHOME=$(msmktempdir)
 chmod 0700 "$GNUPGHOME"
-chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$GNUPGHOME"
+chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$GNUPGHOME"
 
 # trap to remove tmp dir if break
 trap "rm -rf $GNUPGHOME" EXIT