fixing some minor weirdness

2019-08-15 08:32:51 -04:00 · 2019-08-15 08:32:51 -04:00 · 5e11c6318c
commit 5e11c6318c
parent 138d3f35bb
2 changed files with 28 additions and 7 deletions
--- a/tools/add-borguser.py
+++ b/tools/add-borguser.py
@ -52,8 +52,9 @@ class UserAdder(object):

    def addKey(self, ssh_key, *args, **kwargs):
        key_template = ('command='
-                            '"cd {homedir};'
-                            'borg serve --restrict-to-path {homedir}",'
+                            #'"cd {homedir};'
+                            #'borg serve --restrict-to-path {homedir}",'
+                            '"/usr/local/bin/borg-restricted.py ${SSH_ORIGINAL_COMMAND}"',
                        'no-port-forwarding,'
                        'no-X11-forwarding,'
                        'no-pty,'
@ -63,11 +64,23 @@ class UserAdder(object):
        for u, kp in self.users.items():
            userent = pwd.getpwnam(u)
            homedir = userent.pw_dir
+            sshdir = os.path.join(homedir, '.ssh')
            key_insert = key_template.format(user = u,
                                             homedir = homedir,
                                             keystr = ssh_key)
            with open(kp, 'a') as f:
                f.write(key_insert)
+            # When CentOS/RHEL move to python3 native, and port policycoreutils, do this natively.
+            # But for now...
+            subprocess.run(['chcon',
+                            '-R unconfined_u:object_r:user_home_t:s0',
+                            sshdir])
+            subprocess.run(['semanage',
+                            'fcontext',
+                            '-a',
+                                '-t',
+                                    'ssh_home_t',
+                            sshdir])
        return()

    def clean(self):