From a3dd4c078da9aefabef4a24d0af2e4382d9f74a1 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Thu, 3 Dec 2009 15:13:24 -0800
Subject: Set modes of created authorization key (and directory)

sshd is picky about modes (and it should be), so make sure
and chmod the file.
---
 lib/Vyatta/Login/User.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'lib/Vyatta')

diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index f6706e4e..018e7e12 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -130,10 +130,11 @@ sub set_authorized_keys {
     unless (-d $sshdir) {
 	mkdir $sshdir;
 	chown ($uid, $gid, $sshdir);
+	chmod (0750, $sshdir);
     }
 
     my $auth;
-    unless (open (my $auth, "$sshdir/authorized_keys")) {
+    unless (open (my $auth, '>', "$sshdir/authorized_keys")) {
 	warn "open $sshdir/authorized_keys failed: $!";
 	return;
     }
@@ -152,6 +153,7 @@ sub set_authorized_keys {
     }
     select STDOUT;
     close $auth;
+    chmod (0640, "$sshdir/authorized_keys");
 }
 
 sub update {
-- 
cgit v1.2.3