GNU bug report logs -
#53752
guix home cannot configure authorized_keys
>
>> > I finally migrated my home configuration to guix home. However, it
>> > seems guix home creates all symlinks with 777 permissions. This causes
>> > problems with openssh as it will not recognize my
>> > ~/.ssh/authorized_keys. It seems the directories have reasonable
>> > permissions (maybe because they already existed?), but it seems like
>> > someone could in theory edit the symlinks in-place (though I wasn't
>> > able to figure that out).
>> Instead of using symlinks for ~/.ssh/authorized_keys, you could try to
>> write a home-activation-service, which
>>
>> 1. creates ~/.ssh with chmod 700
>> 1a. if it already existed, enforces chmod 700 anyways
>> 2. creates authorized_keys with chmod 600 if it doesn't exist
>> 3. writes the authorized keys.
>>
>
> I'll try that soon (next 1-3 days), and hopefully then we can close this
> issue.
>
I was able to create the desired effect with the following service definition:
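
  (simple-service
   'my-activation-service
   home-activation-service-type
   (gexp
    (begin
      ;; Work relative to the user's home directory.
      (chdir (ungexp user-home))
      ;; Create ~/.ssh if it is missing; enforce mode 700 either way.
      (if (not (file-exists? ".ssh"))
          (mkdir ".ssh"))
      (chmod ".ssh" #o700)
      (chdir ".ssh")
      ;; Write the keys to a file here, then restrict it to mode 600.
      (let ((port (open-output-file "authorized_keys")))
        (display (ungexp authorized-keys) port)
        (close-port port))
      (chmod "authorized_keys" #o600)
      (chdir ".."))))
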
where 'user-home and 'authorized-keys are appropriate strings defined
earlier in the file.
I believe that resolves the issue,
Zacchaeus Scheffer
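
A check that can be run after activation to confirm that ~/.ssh ended up as the steps in this thread describe: a mode 700 directory holding authorized_keys as a regular mode 600 file owned by the user, not a symlink. This is an added example in Python, not part of the original message or of Guix; `audit_ssh_dir`, `demo` and the paths used in `demo` are hypothetical names constructed for illustration.

```python
import os
import stat
import tempfile

def audit_ssh_dir(home, uid=None):
    """Return a list of problems found in HOME/.ssh (empty list = as expected)."""
    uid = os.getuid() if uid is None else uid
    ssh_dir = os.path.join(home, ".ssh")
    keys = os.path.join(ssh_dir, "authorized_keys")
    problems = []
    for path, want, is_type, kind in ((ssh_dir, 0o700, stat.S_ISDIR, "directory"),
                                      (keys, 0o600, stat.S_ISREG, "regular file")):
        try:
            st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
        except FileNotFoundError:
            problems.append(f"{path}: missing")
            continue
        if stat.S_ISLNK(st.st_mode):
            problems.append(f"{path}: symlink to {os.readlink(path)}")
        elif not is_type(st.st_mode):
            problems.append(f"{path}: not a {kind}")
        else:
            mode = stat.S_IMODE(st.st_mode)
            if mode != want:
                problems.append(f"{path}: mode {mode:o}, expected {want:o}")
            if st.st_uid != uid:
                problems.append(f"{path}: owner uid {st.st_uid}, expected {uid}")
    return problems

def demo():
    # Constructed home directory: audited before and after the activation steps.
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        keys = os.path.join(ssh_dir, "authorized_keys")
        target = os.path.join(home, "managed-authorized_keys")  # stand-in link target
        os.mkdir(ssh_dir)
        os.chmod(ssh_dir, 0o755)
        os.symlink(target, keys)            # symlinked file, as in the report
        before = audit_ssh_dir(home)
        os.remove(keys)                     # replace the link with a real file
        os.chmod(ssh_dir, 0o700)
        with open(keys, "w") as f:
            f.write("ssh-ed25519 CONSTRUCTED-EXAMPLE-KEY user@example\n")
        os.chmod(keys, 0o600)
        after = audit_ssh_dir(home)
    return before, after

if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result or "ok")
```

Calling `audit_ssh_dir(os.path.expanduser("~"))` on a real account returns an empty list when the layout matches.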
This bug report was last modified 3 years and 183 days ago.