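def setUserSshKey(self, username, key, **kwargs):
    """Append an SSH public key to a user's ``authorized_keys`` file.

    The account is looked up with ``self._getpwnam`` and the home directory
    from that entry is resolved under *root*. A missing ``~/.ssh`` is created
    with mode 0700 and chowned to the user. ``authorized_keys`` is opened for
    append through ``iutil.open_with_perm`` with mode 0600 and is chowned to
    the user only when this call created it. Finally ``restorecon -r`` is run
    on the ``.ssh`` directory.

    :param username: name of the account that receives the key
    :param key: key text; written verbatim, followed by a newline
    :keyword root: target system root; defaults to ``iutil.getSysroot()``
    :raises ValueError: if the user or the user's home directory is missing
    """
    root = kwargs.get("root", iutil.getSysroot())

    pwent = self._getpwnam(username, root)
    if not pwent:
        # Log before raising, as the missing-home-directory branch does.
        log.error("setUserSshKey: user %s does not exist", username)
        raise ValueError("setUserSshKey: user %s does not exist" % username)

    # Entry index 5 is used as the home directory, 2 and 3 as uid and gid.
    homedir = root + pwent[5]
    if not os.path.exists(homedir):
        log.error("setUserSshKey: home directory for %s does not exist", username)
        raise ValueError(
            "setUserSshKey: home directory for %s does not exist" % username)

    uid = int(pwent[2])
    gid = int(pwent[3])

    # NOTE(review): isdir() and the open below follow symlinks, and this code
    # presumably runs with installer privileges. That is fine on a freshly
    # created home directory; confirm no caller uses it on a tree the target
    # user could already have modified.
    sshdir = os.path.join(homedir, ".ssh")
    if not os.path.isdir(sshdir):
        os.mkdir(sshdir, 0o700)
        os.chown(sshdir, uid, gid)
    # An existing .ssh directory is used as found: owner and mode are not
    # changed here.

    authfile = os.path.join(sshdir, "authorized_keys")
    authfile_existed = os.path.exists(authfile)

    # NOTE(review): whether 0o600 is also enforced on a pre-existing file
    # depends on open_with_perm, which is not visible here - confirm.
    # NOTE(review): key is not validated; an embedded newline would become an
    # additional authorized_keys entry, so callers should pass one key line.
    with iutil.open_with_perm(authfile, "a", 0o600) as f:
        f.write(key + "\n")

    # Only change ownership if we created it
    if not authfile_existed:
        os.chown(authfile, uid, gid)

    # Relabel the directory tree so the SELinux context matches policy.
    iutil.execWithRedirect("restorecon", ["-r", sshdir])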
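def setUserSshKey(self, username, key, **kwargs):
    """Append an SSH public key to a user's ``authorized_keys`` file.

    The account is looked up with ``self._getpwnam`` and the home directory
    from that entry is resolved under *root*. A missing ``~/.ssh`` is created
    with mode 0700 and chowned to the user. ``authorized_keys`` is opened for
    append through ``iutil.open_with_perm`` with mode 0600 and is chowned to
    the user only when this call created it. Finally ``restorecon -r`` is run
    on the ``.ssh`` directory.

    :param username: name of the account that receives the key
    :param key: key text; written verbatim, followed by a newline
    :keyword root: target system root; defaults to ``iutil.getSysroot()``
    :raises ValueError: if the user or the user's home directory is missing
    """
    root = kwargs.get("root", iutil.getSysroot())

    pwent = self._getpwnam(username, root)
    if not pwent:
        # Log before raising, as the missing-home-directory branch does.
        log.error("setUserSshKey: user %s does not exist", username)
        raise ValueError("setUserSshKey: user %s does not exist" % username)

    # Entry index 5 is used as the home directory, 2 and 3 as uid and gid.
    homedir = root + pwent[5]
    if not os.path.exists(homedir):
        log.error("setUserSshKey: home directory for %s does not exist", username)
        raise ValueError("setUserSshKey: home directory for %s does not exist" % username)

    uid = int(pwent[2])
    gid = int(pwent[3])

    # NOTE(review): isdir() and the open below follow symlinks, and this code
    # presumably runs with installer privileges. That is fine on a freshly
    # created home directory; confirm no caller uses it on a tree the target
    # user could already have modified.
    sshdir = os.path.join(homedir, ".ssh")
    if not os.path.isdir(sshdir):
        os.mkdir(sshdir, 0o700)
        os.chown(sshdir, uid, gid)
    # An existing .ssh directory is used as found: owner and mode are not
    # changed here.

    authfile = os.path.join(sshdir, "authorized_keys")
    authfile_existed = os.path.exists(authfile)

    # NOTE(review): whether 0o600 is also enforced on a pre-existing file
    # depends on open_with_perm, which is not visible here - confirm.
    # NOTE(review): key is not validated; an embedded newline would become an
    # additional authorized_keys entry, so callers should pass one key line.
    with iutil.open_with_perm(authfile, "a", 0o600) as f:
        f.write(key + "\n")

    # Only change ownership if we created it
    if not authfile_existed:
        os.chown(authfile, uid, gid)

    # Relabel the directory tree so the SELinux context matches policy.
    iutil.execWithRedirect("restorecon", ["-r", sshdir])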
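def setUserSshKey(self, username, key, **kwargs):
    """Append an SSH public key to a user's ``authorized_keys`` file.

    The work happens in the process for which ``self._prepareChroot``
    returns 0. That process looks the user up through ``self.admin``,
    creates ``~/.ssh`` (mode 0700, owned by the user) when it is missing,
    appends *key* to ``authorized_keys`` (opened with mode 0600, chowned to
    the user only when this call created it), runs ``restorecon -r`` on the
    directory and always ends in ``os._exit``. Every other process returns
    the result of ``self._finishChroot``.

    :param username: name of the account that receives the key
    :param key: key text; written verbatim, followed by a newline
    :keyword root: target system root; defaults to ``iutil.getSysroot()``
    :returns: whatever ``self._finishChroot(childpid)`` returns
    """
    childpid = self._prepareChroot(kwargs.get("root", iutil.getSysroot()))
    if childpid != 0:
        return self._finishChroot(childpid)

    # This branch must end in os._exit(). An exception escaping from here
    # would unwind into the caller's stack, leaving this process running the
    # caller's code (presumably a forked copy - confirm in _prepareChroot).
    # Any failure is therefore logged and turned into exit status 1.
    try:
        user = self.admin.lookupUserByName(username)
        if not user:
            log.error("setUserSshKey: user %s does not exist", username)
            os._exit(1)

        homedir = user.get(libuser.HOMEDIRECTORY)[0]
        if not os.path.exists(homedir):
            log.error("setUserSshKey: home directory for %s does not exist", username)
            os._exit(1)

        # An existing .ssh directory is used as found: owner and mode are
        # not changed here.
        sshdir = os.path.join(homedir, ".ssh")
        if not os.path.isdir(sshdir):
            os.mkdir(sshdir, 0o700)
            iutil.eintr_retry_call(os.chown, sshdir,
                                   user.get(libuser.UIDNUMBER)[0],
                                   user.get(libuser.GIDNUMBER)[0])

        authfile = os.path.join(sshdir, "authorized_keys")
        authfile_existed = os.path.exists(authfile)

        # NOTE(review): whether 0o600 is also enforced on a pre-existing
        # file depends on open_with_perm, which is not visible here - confirm.
        # NOTE(review): key is not validated; an embedded newline would
        # become an additional authorized_keys entry.
        with iutil.open_with_perm(authfile, "a", 0o600) as f:
            f.write(key + "\n")

        # Only change ownership if we created it
        if not authfile_existed:
            iutil.eintr_retry_call(os.chown, authfile,
                                   user.get(libuser.UIDNUMBER)[0],
                                   user.get(libuser.GIDNUMBER)[0])

        # Relabel the directory tree so the SELinux context matches policy.
        iutil.execWithRedirect("restorecon", ["-r", sshdir])
    except Exception as e:
        log.error("setUserSshKey: failed to set ssh key for %s: %s", username, e)
        os._exit(1)

    os._exit(0)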
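def open_with_perm_test(self):
    """Test that iutil.open_with_perm creates files with the requested mode."""
    # Scratch directory for the test files; removed in the outer finally
    # even when an assertion fails.
    test_dir = tempfile.mkdtemp()
    try:
        # Clear the umask so the requested mode bits are not masked off.
        # The umask is process-wide, so it is restored in the inner finally.
        old_umask = os.umask(0)
        try:
            # Create a file with mode 0777. The handle is closed right away
            # so the test does not leak open files.
            wide_path = os.path.join(test_dir, 'test1')
            with iutil.open_with_perm(wide_path, 'w', 0o777):
                pass
            self.assertEqual(os.stat(wide_path).st_mode & 0o777, 0o777)

            # Create a file with mode 0600
            private_path = os.path.join(test_dir, 'test2')
            with iutil.open_with_perm(private_path, 'w', 0o600):
                pass
            self.assertEqual(os.stat(private_path).st_mode & 0o777, 0o600)
        finally:
            os.umask(old_umask)
    finally:
        shutil.rmtree(test_dir)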
def _writeKS(ksdata):
    """Write the kickstart data to ``/root/anaconda-ks.cfg`` under the sysroot.

    The passphrase of the autopart entry and of every logvol, partition and
    raid entry is blanked on *ksdata* itself, so the caller's object is
    modified. The result of ``str(ksdata)`` is then written to a file opened
    with mode 0600.
    """
    ks_path = iutil.getSysroot() + "/root/anaconda-ks.cfg"

    # Kickstart has no encrypted representation for these passphrases, so
    # they are blanked rather than written out in clear text.
    passphrase_holders = (
        [ksdata.autopart]
        + ksdata.logvol.dataList()
        + ksdata.partition.dataList()
        + ksdata.raid.dataList()
    )
    for entry in passphrase_holders:
        entry.passphrase = ""

    # Root-only permissions: the serialized data could still hold passwords.
    # NOTE(review): whether 0o600 is also enforced when the file already
    # exists depends on open_with_perm, which is not visible here - confirm.
    with iutil.open_with_perm(ks_path, "w", 0o600) as ks_file:
        ks_file.write(str(ksdata))