author | Jacob Vosmaer <jacob@gitlab.com> | 2016-08-02 10:52:28 +0200 |
---|---|---|
committer | Jacob Vosmaer <jacob@gitlab.com> | 2016-08-02 11:16:24 +0200 |
commit | f9a55789864e30c1fed2951e26fd62768fc04bce (patch) | |
tree | 91ae629e05007cd4fc24883153be2b7ed0655c79 | |
parent | a7d2fed0a64ec6271cced4dffe24021907e8ccd7 (diff) | |
download | gitlab-shell-f9a55789864e30c1fed2951e26fd62768fc04bce.tar.gz |
Improve authorized_keys check
The old check only looked if authorized_keys exists. With this change, we look
whether we can actually open the file for reading and writing. When this fails
we try to print useful diagnostic information.
-rwxr-xr-x | bin/check | 8 | ||||
-rw-r--r-- | lib/gitlab_keys.rb | 13 |
2 files changed, 16 insertions, 5 deletions
@@ -19,14 +19,12 @@ rescue GitlabNet::ApiUnreachableError abort "FAILED: Failed to connect to internal API" end - -puts "\nCheck directories and files: " - config = GitlabConfig.new abort("ERROR: missing option in config.yml") unless config.auth_file -print "\t#{config.auth_file}: " -if File.exists?(config.auth_file) + +print "\nAccess to #{config.auth_file}: " +if system(File.dirname(__FILE__) + '/gitlab-keys', 'check-permissions') print 'OK' else abort "FAILED" diff --git a/lib/gitlab_keys.rb b/lib/gitlab_keys.rb index e1b62ad..446ae9d 100644 --- a/lib/gitlab_keys.rb +++ b/lib/gitlab_keys.rb @@ -21,6 +21,7 @@ class GitlabKeys when 'rm-key'; rm_key when 'list-keys'; puts list_keys when 'clear'; clear + when 'check-permissions'; check_permissions else $logger.warn "Attempt to execute invalid gitlab-keys command #{@command.inspect}." puts 'not allowed' @@ -92,6 +93,18 @@ class GitlabKeys true end + def check_permissions + open_auth_file('r+') { return true } + rescue + puts "error: could not open #{auth_file}" + if File.exist?(auth_file) + system('ls', '-l', auth_file) + else + # Maybe the parent directory is not writable? + system('ls', '-ld', File.dirname(auth_file)) + end + false + end def lock(timeout = 10) File.open(lock_file, "w+") do |f| |
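Review bot: In the bin/check hunk, the new `if system(...)` condition treats `nil` (gitlab-keys could not be executed at all, for example missing or not executable) the same as `false` (the permission check ran and failed). Both paths end in a bare `abort "FAILED"`, and in the nil case none of the diagnostics from check_permissions are printed. Capturing the result and handling nil separately, for example `ok = system(...)` followed by `abort "FAILED: could not run gitlab-keys" if ok.nil?`, would tell the operator which of the two happened.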
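Review bot: The bare `rescue` in check_permissions (lib/gitlab_keys.rb) catches every StandardError raised under open_auth_file and discards it, so a permission error, a missing file and an unrelated failure all print the same "could not open" line. Binding the exception and printing it, `rescue => e` with `puts "error: could not open #{auth_file}: #{e.class}: #{e.message}"`, reports the errno directly and keeps the `ls` output as supporting detail. A successful `r+` open also returns true without looking at the file's mode or owner. Because authorized_keys decides who can log in over SSH, reporting a group- or world-writable file here would be a useful addition, unless open_auth_file (defined outside this hunk) already enforces the mode.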