Merge pull request #352 from DerDackel/ssh-permissions

Ensure correct permissions on .ssh and authorized_keys file
2014-08-07 06:43:58 -04:00 · 2014-08-07 06:43:58 -04:00 · e527c9b330
parent e8c9bb2c66 0bfbefc38a
commit e527c9b330
1 changed files with 12 additions and 1 deletions
--- a/models/publickey.go
+++ b/models/publickey.go
@ -69,7 +69,7 @@ func init() {

 	// Determine and create .ssh path.
 	SshPath = filepath.Join(homeDir(), ".ssh")
-	if err = os.MkdirAll(SshPath, os.ModePerm); err != nil {
+	if err = os.MkdirAll(SshPath, 0700); err != nil {
 		log.Fatal(4, "fail to create SshPath(%s): %v\n", SshPath, err)
 	}
 }
@ -156,6 +156,17 @@ func saveAuthorizedKeyFile(key *PublicKey) error {
 		return err
 	}
 	defer f.Close()
+	finfo, err := f.Stat()
+	if err != nil {
+		return err
+	}
+	if finfo.Mode().Perm() > 0600 {
+		log.Error(3, "authorized_keys file has unusual permission flags: %s - setting to -rw-------", finfo.Mode().Perm().String())
+		err = f.Chmod(0600)
+		if err != nil {
+			return err
+		}
+	}

 	_, err = f.WriteString(key.GetAuthorizedString())
 	return err