[cs615asa] HW 4 Question
Jan Schaumann
jschauma at cs.stevens.edu
Mon Apr 26 13:10:03 EDT 2010
Sayre Blades <sblades at stevens.edu> wrote:
> Now that I re-read that sentence it sounds to me like it should mean the
> users that are actually being synced.
Correct.
> As in the script is trying to assist
> the users in logging into their respective accounts. The only thought I had
> on that is generally the .ssh directories are read and execute protected
> from others. So unless the root account is running this script, the script
> won't find many aws.pub files.
Not necessarily. There's nothing wrong with opening up one's ~/.ssh
directory for access by others. For example, one could set the
permissions to be:
    ~              => 0711
    ~/.ssh         => 0711
    ~/.ssh/aws.pub => 0444
This would allow anybody to retrieve the public key in question (it's a
_public_ key, after all), yet not to browse other files (no read access
on the directories). Private files shouldn't have world-read access
anyway, so no harm done by allowing exec perms on the directories.
Try:
    ls ~jschauma
    ls -ld ~jschauma
    ls -ld ~jschauma/.ssh
    ls -l ~jschauma/.ssh/aws.pub
Your program would then simply test for the readability of a file
~user/.ssh/aws.pub -- if it's not readable (regardless of whether or not
it's due to directory permissions, file permissions or the file not
actually existing), move on.
-Jan
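
The readability test described in the message above, sketched as a shell function (an added example, not part of the original message or any course solution). The base directory, user names and key strings are constructed for the demo, and the symlink check is an extra precaution the message does not mention.

```shell
#!/bin/sh
# Added example. HOME_BASE-style layout, user names and key text below are
# constructed; a real run would resolve each account's actual home (~user).

# Print "user<TAB>path" for every user whose aws.pub is readable.
# Anything else is skipped without distinguishing the cause: directory
# permissions, file permissions, or no such file.
collect_keys() {
    base=$1; shift
    for user in "$@"; do
        key="$base/$user/.ssh/aws.pub"
        # Extra precaution (assumption, not in the message): ignore symlinks
        # so a privileged run cannot be pointed at an unrelated file.
        if [ ! -L "$key" ] && [ -f "$key" ] && [ -r "$key" ]; then
            printf '%s\t%s\n' "$user" "$key"
        fi
    done
}

# Build a throwaway tree with the modes from the message:
# ~ => 0711, ~/.ssh => 0711, ~/.ssh/aws.pub => 0444.
make_demo_tree() {
    base=$(mktemp -d)
    for user in alice bob carol; do
        mkdir -p "$base/$user/.ssh"
        chmod 0711 "$base/$user" "$base/$user/.ssh"
    done
    # alice: published key, world-readable
    echo 'ssh-rsa CONSTRUCTED-KEY alice@example.invalid' > "$base/alice/.ssh/aws.pub"
    chmod 0444 "$base/alice/.ssh/aws.pub"
    # bob: no aws.pub at all
    # carol: file exists but nobody has read permission
    echo 'ssh-rsa CONSTRUCTED-KEY carol@example.invalid' > "$base/carol/.ssh/aws.pub"
    chmod 0000 "$base/carol/.ssh/aws.pub"
    echo "$base"
}

# Demo run: as a non-root user only alice is reported.
demo=$(make_demo_tree)
collect_keys "$demo" alice bob carol
rm -rf "$demo"
```

Run as root, carol's key is reported too, because root passes the `-r` test regardless of the file mode.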