diff options
| author | zeripath <art27@cantab.net> | 2019-10-13 15:35:19 +0100 |
|---|---|---|
| committer | Lauris BH <lauris@nix.lv> | 2019-10-13 17:35:19 +0300 |
| commit | 300d9a1c709a0addde7c77efa7153f66ff6748d8 (patch) | |
| tree | e96b487205290c4cb2daa6c7d2326bcb9064d34c /models/ssh_key.go | |
| parent | f2a3abc683ad4b2177b7c7c6160a2c0b4316120a (diff) | |
| download | gitea-300d9a1c709a0addde7c77efa7153f66ff6748d8.tar.gz gitea-300d9a1c709a0addde7c77efa7153f66ff6748d8.zip | |
Fixes #8369: Create .ssh dir as necessary (#8486)
* Ensure .ssh dir exists before rewriting public keys
* Ensure .ssh dir exists before appending to authorized_keys
* Log the error because it would be useful to know where it is trying to MkdirAll
* Only try to create RootPath if it's not empty
Diffstat (limited to 'models/ssh_key.go')
| -rw-r--r-- | models/ssh_key.go | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/models/ssh_key.go b/models/ssh_key.go index b7c5b4fe6e..d1132bf0c6 100644 --- a/models/ssh_key.go +++ b/models/ssh_key.go @@ -358,6 +358,18 @@ func appendAuthorizedKeysToFile(keys ...*PublicKey) error { sshOpLocker.Lock() defer sshOpLocker.Unlock() + if setting.SSH.RootPath != "" { + // First of ensure that the RootPath is present, and if not make it with 0700 permissions + // This of course doesn't guarantee that this is the right directory for authorized_keys + // but at least if it's supposed to be this directory and it doesn't exist and we're the + // right user it will at least be created properly. + err := os.MkdirAll(setting.SSH.RootPath, 0700) + if err != nil { + log.Error("Unable to MkdirAll(%s): %v", setting.SSH.RootPath, err) + return err + } + } + fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys") f, err := os.OpenFile(fPath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600) if err != nil { @@ -645,6 +657,18 @@ func rewriteAllPublicKeys(e Engine) error { sshOpLocker.Lock() defer sshOpLocker.Unlock() + if setting.SSH.RootPath != "" { + // First of ensure that the RootPath is present, and if not make it with 0700 permissions + // This of course doesn't guarantee that this is the right directory for authorized_keys + // but at least if it's supposed to be this directory and it doesn't exist and we're the + // right user it will at least be created properly. + err := os.MkdirAll(setting.SSH.RootPath, 0700) + if err != nil { + log.Error("Unable to MkdirAll(%s): %v", setting.SSH.RootPath, err) + return err + } + } + fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys") tmpPath := fPath + ".tmp" t, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600) |