X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-generate;h=b331c315ab7438ac4dadf7fea0350f13272bbe7d;hb=refs%2Ftags%2Fuserdir-ldap-0.3.27;hp=1ad51f9ac4ec6a35e495a55f25b7fe675a72e66e;hpb=c2f27da86e2bcbab743a469b24a8186b54df7b74;p=mirror%2Fuserdir-ldap.git

diff --git a/ud-generate b/ud-generate
index 1ad51f9..b331c31 100755
--- a/ud-generate
+++ b/ud-generate
@@ -960,15 +960,13 @@ while(1):
       userlist = GenPasswd(l,OutDir+"passwd",Split[1], "x");
    sys.stdout.flush();
    grouprevmap = GenGroup(l,OutDir+"group");
-   if ExtraList.has_key("[UNTRUSTED]"):
-	continue;
-   if not ExtraList.has_key("[NOPASSWD]"):
-     GenShadow(l,OutDir+"shadow");
 
    # Now we know who we're allowing on the machine, export
    # the relevant ssh keys
    if MultipleSSHFiles:
+      OldMask = os.umask(0077);
       tf = tarfile.open(name=os.path.join(GlobalDir, 'ssh-keys-%s.tar.gz' % CurrentHost), mode='w:gz')
+      os.umask(OldMask);
       for f in userlist.keys():
         if f not in SSHFiles:
             continue
@@ -1006,13 +1004,18 @@ while(1):
         # to give a shit^W^W^Wcare about the UIDoffset stuff.
         to.uname = f
         to.gname = grname
-        to.mode  = 0600
+        to.mode  = 0400
         tf.addfile(to, file(os.path.join(GlobalDir, 'userkeys', f)))
 
       tf.close()
       os.rename(os.path.join(GlobalDir, 'ssh-keys-%s.tar.gz' % CurrentHost),
                 os.path.join(OutDir, 'ssh-keys.tar.gz'))
 
+   if ExtraList.has_key("[UNTRUSTED]"):
+     continue;
+   if not ExtraList.has_key("[NOPASSWD]"):
+     GenShadow(l,OutDir+"shadow");
+
    # Link in global things   
    DoLink(GlobalDir,OutDir,"markers");
    DoLink(GlobalDir,OutDir,"mail-forward.cdb");