From be7ce72ebe6cddd49a2ffffaa3f136af9f2c72f2 Mon Sep 17 00:00:00 2001 From: Sebastian Jackel Date: Thu, 7 Aug 2014 10:00:57 +0200 Subject: [PATCH 1/3] Make sure, .ssh directory and authorized_keys file are kept at correct permissions --- models/publickey.go | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/models/publickey.go b/models/publickey.go index baf38177..6e0494ef 100644 --- a/models/publickey.go +++ b/models/publickey.go @@ -69,7 +69,7 @@ func init() { // Determine and create .ssh path. SshPath = filepath.Join(homeDir(), ".ssh") - if err = os.MkdirAll(SshPath, os.ModePerm); err != nil { + if err = os.MkdirAll(SshPath, 0700); err != nil { log.Fatal(4, "fail to create SshPath(%s): %v\n", SshPath, err) } } @@ -155,6 +155,15 @@ func saveAuthorizedKeyFile(key *PublicKey) error { if err != nil { return err } + finfo, err := f.Stat() + if err != nil { + return err + } + if finfo.Mode().Perm() > 0600 { + log.Error("authorized_keys file has unusual permission flags: " + finfo.Mode().Perm() + " - setting to -rw-r--r--") + f.Chmod(0600) + } + defer f.Close() _, err = f.WriteString(key.GetAuthorizedString()) From 51abaf788c416bf48ba9e109344c5cbd41a1ef49 Mon Sep 17 00:00:00 2001 From: Sebastian Jackel Date: Thu, 7 Aug 2014 10:34:37 +0200 Subject: [PATCH 2/3] Corrected log message --- models/publickey.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/publickey.go b/models/publickey.go index 6e0494ef..a03d282c 100644 --- a/models/publickey.go +++ b/models/publickey.go @@ -160,7 +160,7 @@ func saveAuthorizedKeyFile(key *PublicKey) error { return err } if finfo.Mode().Perm() > 0600 { - log.Error("authorized_keys file has unusual permission flags: " + finfo.Mode().Perm() + " - setting to -rw-r--r--") + log.Error(3, "authorized_keys file has unusual permission flags: %s - setting to -rw-------", finfo.Mode().Perm().String()) f.Chmod(0600) } From 0bfbefc38a6cfdace6ede1d0c485e400898672d2 Mon Sep 17 00:00:00 2001 
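Review bot: `os.MkdirAll(SshPath, 0700)` in init() applies the mode only to directories it creates, so an existing .ssh directory that is group- or world-accessible keeps its loose mode, which is the case the commit subject says it handles. MkdirAll returns nil without changing anything when the path already exists. After the call, stat the directory and tighten it if needed, for example `if fi, e := os.Stat(SshPath); e == nil && fi.Mode().Perm()&0077 != 0 { err = os.Chmod(SshPath, 0700) }`, and handle a Chmod failure the same way as the MkdirAll failure. The start of init() is outside this hunk.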
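Review bot: The test `finfo.Mode().Perm() > 0600` in saveAuthorizedKeyFile compares the mode as a number rather than as permission bits, so modes such as 0477 or 0066 are numerically below 0600 and pass even though group and others can write the file. Test the bits that must be clear instead: `if finfo.Mode().Perm()&0077 != 0 {`. The same comparison is carried unchanged through the hunks of PATCH 2/3 and PATCH 3/3. A one-line comment above it, such as `// authorized_keys must not be readable or writable by group/others`, would record why the mode is enforced. The function starts and ends outside this hunk.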
From: Sebastian Jackel Date: Thu, 7 Aug 2014 11:06:42 +0200 Subject: [PATCH 3/3] Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod --- models/publickey.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/models/publickey.go b/models/publickey.go index a03d282c..83a3e1b8 100644 --- a/models/publickey.go +++ b/models/publickey.go @@ -155,17 +155,19 @@ func saveAuthorizedKeyFile(key *PublicKey) error { if err != nil { return err } + defer f.Close() finfo, err := f.Stat() if err != nil { return err } if finfo.Mode().Perm() > 0600 { log.Error(3, "authorized_keys file has unusual permission flags: %s - setting to -rw-------", finfo.Mode().Perm().String()) - f.Chmod(0600) + err = f.Chmod(0600) + if err != nil { + return err + } } - defer f.Close() - _, err = f.WriteString(key.GetAuthorizedString()) return err }
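Review bot: The log line announces "setting to -rw-------" before `f.Chmod(0600)` is attempted, so when Chmod fails the log records a repair that never happened. The bare `return err` also gives the caller no hint that the failure came from the permission fix rather than from the open or the write. Log the failure on that path, `if err = f.Chmod(0600); err != nil {` then `log.Error(3, "chmod authorized_keys: %v", err)` then `return err`, or move the existing message after the successful call. The call that opens the file is outside this hunk.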