sous-chefs / users

Development repository for the users cookbook
https://supermarket.chef.io/cookbooks/users
Apache License 2.0

Does not zero out an authorized_key file when removing last key. #73

Closed asciifaceman closed 3 years ago

asciifaceman commented 9 years ago

If a user has no ssh keys defined, but they have an authorized_keys file it does not zero out the file.

This can be a complication if you remove keys from a user but not the user entirely: that last key is not removed (or when migrating from pre-chef to chef and their existing keys aren't wiped out).

relevant code:

    if u['ssh_keys']
      template "#{home_dir}/.ssh/authorized_keys" do
        source "authorized_keys.erb"
        cookbook new_resource.cookbook
        owner u['username']
        group u['gid'] || u['username']
        mode "0600"
        variables :ssh_keys => u['ssh_keys']
      end
    end

asciifaceman commented 9 years ago

Also, if I am misunderstanding something, please let me know.

fitsnips commented 9 years ago

Correct it will, so we should work with people to get this move done correctly. That is why the due date is set to the 16th.


    # Render the managed keys when they are defined, otherwise empty the file.
    if u['ssh_keys']
      template "#{home_dir}/.ssh/authorized_keys" do
        source "authorized_keys.erb"
        cookbook new_resource.cookbook
        owner u['username']
        group u['gid'] || u['username']
        mode "0600"
        variables :ssh_keys => u['ssh_keys']
      end
    else
      # zero that sucker out
      template "#{home_dir}/.ssh/authorized_keys" do
        source "authorized_keys.erb"
        cookbook new_resource.cookbook
        owner u['username']
        group u['gid'] || u['username']
        mode "0600"
        variables :ssh_keys => ""
      end
    end

asciifaceman commented 9 years ago

I wrote a very simple behavior change for this, it is available in pull req: https://github.com/opscode-cookbooks/users/pull/76

If u['ssh_keys'] is not defined, it wipes out authorized_keys.

I realize this would wipe out any custom ssh keys the user may have, but that should not be happening anyways since the file is chef-managed.

asciifaceman commented 9 years ago

Also, apologies if I missed the naming convention for the pull/commit. I read the guidelines after pushing them to my fork and pull requesting (I am a terrible example for society).

CpuID commented 9 years ago

have created a new PR to supersede https://github.com/opscode-cookbooks/users/pull/76

see https://github.com/opscode-cookbooks/users/pull/90 for details.

handles things a bit nicer, using file resources.

frank-m commented 3 years ago

The Pull Requests related to this issue have all been closed in the past. And this issue is from 6 years ago. I am closing it for now but if the need is still there to add this feature please reopen it.
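
An added example, not part of the thread or the cookbook: a plain-Ruby audit that reports keys still present in a user's `authorized_keys` but no longer listed in that user's `ssh_keys`, which is the stale-access condition this issue describes. The helper names (`keys_on_disk`, `stale_keys`, `audit`, `demo`), the sample users and the placeholder key strings are constructed for illustration, and it assumes `ssh_keys` may be absent, a String, or an Array.

```ruby
require 'tmpdir'
require 'fileutils'

# Key lines in an authorized_keys file, ignoring blank lines and comments.
def keys_on_disk(path)
  return [] unless File.file?(path)
  File.readlines(path, chomp: true).map(&:strip)
      .reject { |line| line.empty? || line.start_with?('#') }
end

# Keys present on disk that the user's item does not list.
# Assumption: u['ssh_keys'] may be absent (nil), a single String, or an Array.
def stale_keys(u, home_dir)
  managed = Array(u['ssh_keys']).flat_map { |k| k.to_s.lines }
                                .map(&:strip).reject(&:empty?)
  keys_on_disk(File.join(home_dir, '.ssh', 'authorized_keys')) - managed
end

# Map of username => stale keys, for every user that has any.
def audit(users, home_root)
  users.each_with_object({}) do |u, report|
    stale = stale_keys(u, File.join(home_root, u['username']))
    report[u['username']] = stale unless stale.empty?
  end
end

# Constructed sample data: placeholder strings, not real keys.
K1 = 'ssh-ed25519 AAAA-constructed-1 alice@example'
K2 = 'ssh-ed25519 AAAA-constructed-2 bob@example'
K3 = 'ssh-ed25519 AAAA-constructed-3 carol@example'
K4 = 'ssh-rsa AAAA-constructed-4 carol-old@example'
USERS = [
  { 'username' => 'alice', 'ssh_keys' => [K1] },
  { 'username' => 'bob' },                      # last key removed from the item
  { 'username' => 'carol', 'ssh_keys' => K3 },  # one key kept, one removed
  { 'username' => 'dave' }                      # no keys and no file
].freeze
ON_DISK = { 'alice' => [K1], 'bob' => [K2], 'carol' => [K3, K4] }.freeze

# Builds the sample home directories in a temp dir and audits them.
def demo
  Dir.mktmpdir do |root|
    ON_DISK.each do |name, keys|
      ssh_dir = File.join(root, name, '.ssh')
      FileUtils.mkdir_p(ssh_dir)
      File.write(File.join(ssh_dir, 'authorized_keys'), keys.join("\n") + "\n")
    end
    audit(USERS, root)
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

Comparison is by whole line, so a key whose comment or options changed on disk is reported as stale.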