[Da-tools-commits] ./debian/userdir-ldap r409: Make ssh-keys.tar.gz readable only by the user.
Peter Palfrader
peter at palfrader.org
Sat May 17 14:15:26 UTC 2008
------------------------------------------------------------
revno: 409
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Sat 2008-05-17 16:15:26 +0200
message:
Make ssh-keys.tar.gz readable only by the user.
modified:
debian/changelog
ud-generate
-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog 2008-05-17 13:41:24 +0000
+++ b/debian/changelog 2008-05-17 14:15:26 +0000
@@ -1,3 +1,9 @@
+userdir-ldap (0.3.25) unstable; urgency=low
+
+ * Make ssh-keys.tar.gz readable only by the user.
+
+ -- Peter Palfrader <weasel at debian.org> Sat, 17 May 2008 16:14:56 +0200
+
userdir-ldap (0.3.24) unstable; urgency=low
* ud-mailgate: better regex for ssh1 keys, which we reject. [joerg, weasel]
=== modified file 'ud-generate'
--- a/ud-generate 2008-05-17 13:29:42 +0000
+++ b/ud-generate 2008-05-17 14:15:26 +0000
@@ -968,7 +968,9 @@
# Now we know who we're allowing on the machine, export
# the relevant ssh keys
if MultipleSSHFiles:
+ OldMask = os.umask(0077);
tf = tarfile.open(name=os.path.join(GlobalDir, 'ssh-keys-%s.tar.gz' % CurrentHost), mode='w:gz')
+ os.umask(OldMask);
for f in userlist.keys():
if f not in SSHFiles:
continue
More information about the Da-tools-commits
mailing list