Make ssh-keys.tar.gz readable only by the user.

author Peter Palfrader <peter@palfrader.org>

Sat, 17 May 2008 14:15:26 +0000 (16:15 +0200)

committer Peter Palfrader <peter@palfrader.org>

Sat, 17 May 2008 14:15:26 +0000 (16:15 +0200)
author Peter Palfrader <peter@palfrader.org>
Sat, 17 May 2008 14:15:26 +0000 (16:15 +0200)
committer Peter Palfrader <peter@palfrader.org>
Sat, 17 May 2008 14:15:26 +0000 (16:15 +0200)
diff --git a/debian/changelog b/debian/changelog

index 9566789..b71d365 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+userdir-ldap (0.3.25) unstable; urgency=low
+
+  * Make ssh-keys.tar.gz readable only by the user.
+
+ -- Peter Palfrader <weasel@debian.org>  Sat, 17 May 2008 16:14:56 +0200
+
  userdir-ldap (0.3.24) unstable; urgency=low
  
    * ud-mailgate: better regex for ssh1 keys, which we reject. [joerg, weasel]
diff --git a/ud-generate b/ud-generate

index 1ad51f9..6103fa8 100755 (executable)
--- a/ud-generate
+++ b/ud-generate
@@ -968,7 +968,9 @@ while(1):
     # Now we know who we're allowing on the machine, export
     # the relevant ssh keys
     if MultipleSSHFiles:
+      OldMask = os.umask(0077);
        tf = tarfile.open(name=os.path.join(GlobalDir, 'ssh-keys-%s.tar.gz' % CurrentHost), mode='w:gz')
+      os.umask(OldMask);
        for f in userlist.keys():
          if f not in SSHFiles:
              continue
author	Peter Palfrader <peter@palfrader.org>
	Sat, 17 May 2008 14:15:26 +0000 (16:15 +0200)
committer	Peter Palfrader <peter@palfrader.org>
	Sat, 17 May 2008 14:15:26 +0000 (16:15 +0200)
debian/changelog		patch \| blob \| history
ud-generate		patch \| blob \| history