forked from tildetown/town
notes
parent
b3d1b25131
commit
e339fa8cb6
|
@ -27,7 +27,7 @@ an invite token consists of two pieces that are then base64 encoded. the first p
|
||||||
something like:
|
something like:
|
||||||
|
|
||||||
```
|
```
|
||||||
welcome ALL=(ALL)NOPASSWD:/usr/sbin/adduser,/usr/sbin/usermod,/bin/mkdir,/town/bin/generate_welcome_present.sh
|
welcome ALL=(ALL)NOPASSWD:/usr/sbin/adduser,/usr/sbin/usermod,/bin/mkdir,/town/bin/generate_welcome_present.sh,/town/bin/create_keyfile
|
||||||
```
|
```
|
||||||
|
|
||||||
though I will likely move welcome_present generation inline to `welcome` itself.
|
though I will likely move welcome_present generation inline to `welcome` itself.
|
||||||
|
@ -45,3 +45,35 @@ once we accept what we need from the user accepting an invite, the flow looks li
|
||||||
c. write blank `~/.ssh/authorized_keys` with note about adding custom keys
|
c. write blank `~/.ssh/authorized_keys` with note about adding custom keys
|
||||||
3. generate welcome gift
|
3. generate welcome gift
|
||||||
4. alert hooks (more of a future idea; but it would be nice to have a "WELCOME NEW USER!" in the mailing list / IRC / etc)
|
4. alert hooks (more of a future idea; but it would be nice to have a "WELCOME NEW USER!" in the mailing list / IRC / etc)
|
||||||
|
|
||||||
|
## creating keyfiles
|
||||||
|
|
||||||
|
A frustrating hurdle is that `welcome`, just like `ttadmin`, has to write a keyfile that is perms 600 for the new user. This is annoying as shit and requires running `sudo` as the new user. In the old python code:
|
||||||
|
|
||||||
|
```python
|
||||||
|
def write_authorized_keys(self):
|
||||||
|
# Write out authorized_keys file
|
||||||
|
# Why is this a call out to a python script? There's no secure way with
|
||||||
|
# sudoers to allow this code to write to a file; if this code was to be
|
||||||
|
# compromised, the ability to write arbitrary files with sudo is a TKO.
|
||||||
|
# By putting the ssh key file creation into its own script, we can just
|
||||||
|
# give sudo access for that one command to this code.
|
||||||
|
#
|
||||||
|
# We could put the other stuff from here into that script and then only
|
||||||
|
# grant sudo for the script, but then we're moving code out of this
|
||||||
|
# virtual-env contained, maintainable thing into a script. it's my
|
||||||
|
# preference to have the script be as minimal as possible.
|
||||||
|
with TemporaryFile(dir="/tmp") as fp:
|
||||||
|
fp.write(self.generate_authorized_keys().encode('utf-8'))
|
||||||
|
fp.seek(0)
|
||||||
|
error = _guarded_run(['sudo',
|
||||||
|
'--user={}'.format(self.username),
|
||||||
|
'/town/src/tildetown-admin/scripts/create_keyfile.py',
|
||||||
|
self.username],
|
||||||
|
stdin=fp)
|
||||||
|
if error:
|
||||||
|
logger.error(error)
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
this warrants porting `create_keyfile.py` to a new Go program that can live at `/town/bin/create_keyfile` or wherever.
|
||||||
|
|
Loading…
Reference in New Issue