From cb31f883830eb5c711b3334e0514b0f75a4c5171 Mon Sep 17 00:00:00 2001
From: zeripath
Date: Sun, 13 Oct 2019 21:01:52 +0100
Subject: [PATCH] Fixes #8369: Create .ssh dir as necessary (#8486) (#8489)

* Ensure .ssh dir exists before rewriting public keys
* Ensure .ssh dir exists before appending to authorized_keys
* Log the error because it would be useful to know where it is trying to MkdirAll
* Only try to create RootPath if it's not empty
---
 models/ssh_key.go | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/models/ssh_key.go b/models/ssh_key.go
index 9ad9a45bfb..069b9b57b8 100644
--- a/models/ssh_key.go
+++ b/models/ssh_key.go
@@ -315,6 +315,18 @@ func appendAuthorizedKeysToFile(keys ...*PublicKey) error {
 sshOpLocker.Lock()
 defer sshOpLocker.Unlock()
 
+ if setting.SSH.RootPath != "" {
+ // First of ensure that the RootPath is present, and if not make it with 0700 permissions
+ // This of course doesn't guarantee that this is the right directory for authorized_keys
+ // but at least if it's supposed to be this directory and it doesn't exist and we're the
+ // right user it will at least be created properly.
+ err := os.MkdirAll(setting.SSH.RootPath, 0700)
+ if err != nil {
+ log.Error("Unable to MkdirAll(%s): %v", setting.SSH.RootPath, err)
+ return err
+ }
+ }
+
 fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
 f, err := os.OpenFile(fPath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
 if err != nil {
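Review bot: The `0700` in `os.MkdirAll(setting.SSH.RootPath, 0700)` only applies to directories this call actually creates, so a RootPath that already exists with looser permissions passes through unchecked, and any missing parent directories are created as well. sshd with StrictModes enabled typically refuses an authorized_keys file whose directory is group- or world-writable, so key logins would fail silently while this function reports success. A follow-up check after the MkdirAll would make that visible, e.g. `if fi, err := os.Stat(setting.SSH.RootPath); err == nil && fi.Mode().Perm()&0022 != 0 { log.Warn("%s is group/world writable", setting.SSH.RootPath) }`. The same block is added to rewriteAllPublicKeys in the second hunk and the point applies there too. appendAuthorizedKeysToFile continues past the end of this hunk.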
@@ -602,6 +614,18 @@ func rewriteAllPublicKeys(e Engine) error {
 sshOpLocker.Lock()
 defer sshOpLocker.Unlock()
 
+ if setting.SSH.RootPath != "" {
+ // First of ensure that the RootPath is present, and if not make it with 0700 permissions
+ // This of course doesn't guarantee that this is the right directory for authorized_keys
+ // but at least if it's supposed to be this directory and it doesn't exist and we're the
+ // right user it will at least be created properly.
+ err := os.MkdirAll(setting.SSH.RootPath, 0700)
+ if err != nil {
+ log.Error("Unable to MkdirAll(%s): %v", setting.SSH.RootPath, err)
+ return err
+ }
+ }
+
 fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
 tmpPath := fPath + ".tmp"
 t, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
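Review bot: This twelve-line guard is a verbatim copy of the one added to appendAuthorizedKeysToFile, so the directory policy for authorized_keys now lives in two places that can drift apart. An unexported helper, for example `ensureSSHRootPath() error`, called from both functions once sshOpLocker is held would keep the mode and the error handling in one spot. The comment's opening words `First of ensure` presumably mean `First of all, ensure`. When RootPath is empty the guard is skipped and `filepath.Join` yields a relative `authorized_keys` in the process working directory; a short comment stating whether that fallback is intended would help the next reader. rewriteAllPublicKeys continues outside this hunk.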