get rid of FILE_OWNER variable, in favor of just using $(whoami) when

running check_key_file_permissions in update_known_hosts,
update_authorized_keys, and process_authorized_user_ids.  this is
fine, since the policy is just that a user is always updating their
own files.  closes monkeysphere bug #630.

diff --git a/src/monkeysphere b/src/monkeysphere
index 1641d32ef47a15f6fe7a4660391a1d38f1a5b806..8d59d08870727d99f07784241470d838c8d50f2f 100755 (executable)
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -189,9 +189,6 @@ export GNUPGHOME
 mkdir -p -m 0700 "$GNUPGHOME"
 export LOG_LEVEL
 
-# explicitly set the FILE_OWNER variable, for checking file permissions
-export FILE_OWNER=$(whoami)
-
 # get subcommand
 COMMAND="$1"
 [ "$COMMAND" ] || failure "Type '$PGRM help' for usage."

diff --git a/src/share/common b/src/share/common
index dd5dc162a31f4183374237d018baf1d5dcada1d4..83f2d6f0387ce8da484e327349ad09a498c2a9bf 100644 (file)
--- a/src/share/common
+++ b/src/share/common
@@ -846,7 +846,7 @@ update_known_hosts() {
     (umask 0022 && touch "$KNOWN_HOSTS")
 
     # check permissions on the known_hosts file path
-    check_key_file_permissions "$FILE_OWNER" "$KNOWN_HOSTS" || failure
+    check_key_file_permissions $(whoami) "$KNOWN_HOSTS" || failure
 
     # create a lockfile on known_hosts:
     lock create "$KNOWN_HOSTS"
@@ -1000,7 +1000,7 @@ update_authorized_keys() {
     log debug " $AUTHORIZED_KEYS"
 
     # check permissions on the authorized_keys file path
-    check_key_file_permissions "$FILE_OWNER" "$AUTHORIZED_KEYS" || failure
+    check_key_file_permissions $(whoami) "$AUTHORIZED_KEYS" || failure
 
     # create a lockfile on authorized_keys
     lock create "$AUTHORIZED_KEYS"
@@ -1076,7 +1076,7 @@ process_authorized_user_ids() {
     log debug " $authorizedUserIDs"
 
     # check permissions on the authorized_user_ids file path
-    check_key_file_permissions "$FILE_OWNER" "$authorizedUserIDs" || failure
+    check_key_file_permissions $(whoami) "$authorizedUserIDs" || failure
 
     if ! meat "$authorizedUserIDs" > /dev/null ; then
        log debug " no user IDs to process."

diff --git a/src/share/ma/update_users b/src/share/ma/update_users
index 67fabb2f7dbfda9e1c11bad71b90662f271c2dcb..3a5c006e8f560f6ba2a58130bdb59bf47af659d4 100644 (file)
--- a/src/share/ma/update_users
+++ b/src/share/ma/update_users
@@ -92,7 +92,7 @@ for uname in $unames ; do
            export TMP_AUTHORIZED_USER_IDS
 
            # process authorized_user_ids file, as monkeysphere user
-           FILE_OWNER="$MONKEYSPHERE_USER" su_monkeysphere_user \
+           su_monkeysphere_user \
                ". ${SYSSHAREDIR}/common; process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS" \
                || returnCode="$?"
        else