From e339fa8cb6c6a3f9abef776e4958c7c4d0aefbc2 Mon Sep 17 00:00:00 2001 From: vilmibm Date: Fri, 24 Feb 2023 23:08:48 +0000 Subject: [PATCH] notes --- cmd/welcome/README.md | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/cmd/welcome/README.md b/cmd/welcome/README.md index 54c0c58..c4c3cfd 100644 --- a/cmd/welcome/README.md +++ b/cmd/welcome/README.md @@ -27,7 +27,7 @@ an invite token consists of two pieces that are then base64 encoded. the first p something like: ``` -welcome ALL=(ALL)NOPASSWD:/usr/sbin/adduser,/usr/sbin/usermod,/bin/mkdir,/town/bin/generate_welcome_present.sh +welcome ALL=(ALL)NOPASSWD:/usr/sbin/adduser,/usr/sbin/usermod,/bin/mkdir,/town/bin/generate_welcome_present.sh,/town/bin/create_keyfile ``` though I will likely move welcome_present generation inline to `welcome` itself. @@ -45,3 +45,35 @@ once we accept what we need from the user accepting an invite, the flow looks li c. write blank `~/.ssh/authorized_keys` with note about adding custom keys 3. generate welcome gift 4. alert hooks (more of a future idea; but it would be nice to have a "WELCOME NEW USER!" in the mailing list / IRC / etc) + +## creating keyfiles + +A frustrating hurdle is that `welcome`, just like `ttadmin`, has to write a keyfile that is perms 600 for the new user. This is annoying as shit and requires running `sudo` as the new user. In the old python code: + +```python +def write_authorized_keys(self): + # Write out authorized_keys file + # Why is this a call out to a python script? There's no secure way with + # sudoers to allow this code to write to a file; if this code was to be + # compromised, the ability to write arbitrary files with sudo is a TKO. + # By putting the ssh key file creation into its own script, we can just + # give sudo access for that one command to this code. + # + # We could put the other stuff from here into that script and then only + # grant sudo for the script, but then we're moving code out of this + # virtual-env contained, maintainable thing into a script. it's my + # preference to have the script be as minimal as possible. + with TemporaryFile(dir="/tmp") as fp: + fp.write(self.generate_authorized_keys().encode('utf-8')) + fp.seek(0) + error = _guarded_run(['sudo', + '--user={}'.format(self.username), + '/town/src/tildetown-admin/scripts/create_keyfile.py', + self.username], + stdin=fp) + if error: + logger.error(error) + +``` + +this warrants porting `create_keyfile.py` to a new Go program that can live at `/town/bin/create_keyfile` or wherever.