From 3c598ec632871e5112c326d8942ab0d26d54b546 Mon Sep 17 00:00:00 2001
From: Soren Hansen
Date: Tue, 11 Aug 2009 09:29:24 +0200
Subject: Set ownership of user's .ssh directory correctly. Disable root by default. Fail more gracefully if ssh keys could not be fetched.
---
 ec2-config.cfg | 4 ++--
 ec2-fetch-credentials.py | 16 +++++++++++-----
 2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/ec2-config.cfg b/ec2-config.cfg
index 76c81b77..6b9992c5 100644
--- a/ec2-config.cfg
+++ b/ec2-config.cfg
@@ -1,2 +1,2 @@
-user="ubuntu"
-DISABLE_ROOT="1"
+user=ubuntu
+disable_root=1
diff --git a/ec2-fetch-credentials.py b/ec2-fetch-credentials.py
index fc9f984c..c4df4a4e 100755
--- a/ec2-fetch-credentials.py
+++ b/ec2-fetch-credentials.py
@@ -19,6 +19,7 @@
 #
 import os
 import pwd
+import sys
 import ec2init
@@ -27,8 +28,10 @@ def setup_user_keys(keys, user, key_prefix):
 pwent = pwd.getpwnam(user)
- if not os.path.exists('%s/.ssh' % pwent.pw_dir):
- os.mkdir('%s/.ssh' % pwent.pw_dir)
+ ssh_dir = '%s/.ssh' % pwent.pw_dir
+ if not os.path.exists(ssh_dir):
+ os.mkdir(ssh_dir)
+ os.chown(ssh_dir, pwent.pw_uid, pwent.pw_gid)
 authorized_keys = '%s/.ssh/authorized_keys' % pwent.pw_dir
 fp = open(authorized_keys, 'a')
@@ -43,9 +46,12 @@ def main():
 ec2 = ec2init.EC2Init()
 user = ec2.get_cfg_option_str('user')
- disable_root = ec2.get_cfg_option_bool('disable_root')
+ disable_root = ec2.get_cfg_option_bool('disable_root', True)
- keys = ec2.get_ssh_keys()
+ try:
+ keys = ec2.get_ssh_keys()
+ except Exception, e:
+ sys.exit(1)
 if user:
 setup_user_keys(keys, user, '')
@@ -55,7 +61,7 @@ def main():
 else:
 key_prefix = ''
- setup_root_user(keys, 'root', key_prefix)
+ setup_user_keys(keys, 'root', key_prefix)
 if __name__ == '__main__':
 main()
--
cgit v1.2.3
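Review bot: `os.mkdir(ssh_dir)` in setup_user_keys leaves the directory's permissions to the process umask, and the hunk sets ownership but never the mode; passing it explicitly, `os.mkdir(ssh_dir, 0700)`, keeps the directory private whatever the umask is. Indentation is lost on this page, so it is not visible whether `os.chown` runs only when the directory was just created; if it does, a pre-existing `.ssh` keeps whatever owner it already had. The function continues outside the hunk, so it cannot be confirmed here that the file opened by `open(authorized_keys, 'a')` also ends up owned by the user with a restrictive mode, which is worth checking alongside the directory. The path could also reuse the new variable, `authorized_keys = '%s/authorized_keys' % ssh_dir`.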
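Review bot: The new `except Exception, e:` in main() exits with status 1 but never uses `e`, so a failed key fetch leaves no record of why the instance came up without authorized keys; write the reason before exiting, e.g. `sys.stderr.write('Could not fetch ssh keys: %s\n' % e)`. Catching `Exception` is also broad, since it hides programming errors inside `get_ssh_keys()` along with genuine fetch failures; narrowing it to the errors that call is known to raise would keep real bugs visible. main() begins and ends outside the hunk.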