Diffstat (limited to 'Utility/SshConfig.hs')
-rw-r--r--Utility/SshConfig.hs15
1 files changed, 14 insertions, 1 deletions
diff --git a/Utility/SshConfig.hs b/Utility/SshConfig.hs
index b7068f48d..d6cd32078 100644
--- a/Utility/SshConfig.hs
+++ b/Utility/SshConfig.hs
@@ -10,6 +10,7 @@ module Utility.SshConfig where
import Common
import Utility.UserInfo
import Utility.Tmp
+import Utility.FileMode
import Data.Char
import Data.Ord
@@ -117,7 +118,19 @@ changeUserSshConfig modifier = do
c <- readFileStrict configfile
let c' = modifier c
when (c /= c') $
- viaTmp writeFile configfile c'
+ viaTmp writeSshConfig configfile c'
+
+writeSshConfig :: FilePath -> String -> IO ()
+writeSshConfig f s = do
+ writeFile f s
+ setSshConfigMode f
+
+{- Ensure that the ssh config file lacks any group or other write bits,
+ - since ssh is paranoid about not working if other users can write
+ - to one of its config files (.ssh/config and .ssh/authorized_keys) -}
+setSshConfigMode :: FilePath -> IO ()
+setSshConfigMode f = modifyFileMode f $
+ removeModes [groupWriteMode, otherWriteMode]
sshDir :: IO FilePath
sshDir = do
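Review bot: In `writeSshConfig` the mode is tightened only after `writeFile f s` has created and filled the file, so under a permissive umask the file is group- or other-writable for a short window while it already holds the new config. If `viaTmp` writes to a temporary path and renames it over `configfile` (its definition is not visible here), that window is confined to the temporary file, but it would still be safer to fix the mode before the content goes in: `writeFile f ""`, then `setSshConfigMode f`, then `writeFile f s`. Separately, only the write bits are cleared, so the read bits of the new file come from the umask rather than from the file being replaced; a config the user had restricted to owner-only may come back readable by others, which deserves either a comment on `writeSshConfig` or a step that carries the old mode over. `changeUserSshConfig` starts above the hunk and `sshDir` continues below it.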