/**
 * Write the SSH authorized_keys file into a user's home directory.
 *
 * The .ssh directory and the key file are created while the process runs
 * with the target user's uid/gid, then root is restored and the owner,
 * group and mode of both paths are set explicitly (0700 on the directory,
 * 0600 on authorized_keys).
 *
 * Nothing is written when the user's unix status is not 'A'; that case is
 * reported as success.
 *
 * @param PFUser $user Account whose authorized_keys file is written
 *
 * @return bool true when the keys were written or the account was skipped,
 *              false when an Exception was caught (its message is logged)
 */
public function writeSSHKeys(PFUser $user)
{
    try {
        // Accounts whose unix status is not 'A' (presumably "active" - confirm)
        // are skipped and reported as success.
        if ($user->getUnixStatus() != 'A') {
            return true;
        }
        $ssh_dir = $user->getUnixHomeDir() . '/.ssh';

        // Subtlety: between the two process-owner changes below nothing can be
        // logged, because the process is owned by an ordinary user while the
        // log file is only writable by codendiadm and root. Failures in that
        // window are therefore raised as exceptions and logged in the catch
        // block, after root has been restored.
        $this->changeProcessUidGidToUser($user);
        $this->createSSHDirForUser($user, $ssh_dir);
        $this->writeSSHFile($user, $ssh_dir);
        $this->restoreRootUidGid();

        // NOTE(review): from here on the process is root again and operates on
        // paths inside a directory the user controls. The helper is not visible
        // here - confirm changeOwnerGroupMode() does not follow symlinks.
        $this->backend->changeOwnerGroupMode($ssh_dir, $user->getUserName(), $user->getUserName(), 0700);
        $this->backend->changeOwnerGroupMode("{$ssh_dir}/authorized_keys", $user->getUserName(), $user->getUserName(), 0600);
        $this->backend->log("Authorized_keys for " . $user->getUserName() . " written.", Backend::LOG_INFO);
        return true;
    } catch (Exception $exception) {
        // Restore root first so that the log call below can write to the log.
        // If the exception was raised after the restore in the try block, this
        // is a second call to restoreRootUidGid().
        // NOTE(review): only Exception is caught; on PHP 7+ an Error thrown
        // while the process runs as the user would skip this restore - confirm
        // whether a caller handles that.
        $this->restoreRootUidGid();
        $this->backend->log($exception->getMessage(), Backend::LOG_ERROR);
        return false;
    }
}
/**
 * Give a user ownership of their home directory tree.
 *
 * The user's name is passed as both owner and group to recurseChownChgrp(),
 * starting at the user's unix home directory.
 *
 * NOTE(review): the tree being walked is user-controlled; how symlinks inside
 * it are treated depends on recurseChownChgrp(), which is not visible here.
 *
 * @param PFUser $user Account whose home directory ownership is reset
 *
 * @return void
 */
private function setUserHomeOwnership(PFUser $user)
{
    // Read in the same order as the call arguments: path, owner, group.
    $home_dir = $user->getUnixHomeDir();
    $owner    = $user->getUserName();
    $group    = $user->getUserName();

    $this->recurseChownChgrp($home_dir, $owner, $group);
}