- # Create .ssh directory if necessary
- userdotssh = File.join(@homedir, ".ssh")
- Dir.mkdir(userdotssh) if !File.exists?(userdotssh)
- @key = "#######################################################################################
-# THIS FILE IS MANAGED BY #{$0} -- CHANGES WILL BE OVERWRITTEN #
-#######################################################################################\n\n"
- @key += keys[l[:username]].join("\n") + "\n"
- userauthkeys = File.join(userdotssh, "authorized_keys")
- if !File.exists?(userauthkeys) or IO::read(userauthkeys) != @key then
- f = File.new(userauthkeys, 'w')
- f.write(@key)
+
+ existing_groups = current_user_groups[username] || []
+ groups = l[:groups] || []
+ # Adding users to the FUSE group has long been hardcoded behavior.
+ groups << "fuse"
+ groups << username
+ groups.select! { |g| Etc.getgrnam(g) rescue false }
+
+ groups.each do |addgroup|
+ if existing_groups.index(addgroup).nil?
+ # User should be in group, but isn't, so add them.
+ STDERR.puts "Add user #{username} to #{addgroup} group"
+ system("adduser", username, addgroup)
+ end
+ end
+
+ existing_groups.each do |removegroup|
+ if groups.index(removegroup).nil?
+ # User is in a group, but shouldn't be, so remove them.
+ STDERR.puts "Remove user #{username} from #{removegroup} group"
+ system("deluser", username, removegroup)
+ end
+ end
+
+ homedir = pwnam[l[:username]].dir
+ userdotssh = File.join(homedir, ".ssh")
+ Dir.mkdir(userdotssh) if !File.exist?(userdotssh)
+
+ newkeys = "###\n###\n" + keys[l[:username]].join("\n") + "\n###\n###\n"
+
+ keysfile = File.join(userdotssh, "authorized_keys")
+
+ if File.exist?(keysfile)
+ oldkeys = IO::read(keysfile)
+ else
+ oldkeys = ""
+ end
+
+ if exclusive_mode
+ newkeys = exclusive_banner + newkeys
+ elsif oldkeys.start_with?(exclusive_banner)
+ newkeys = start_banner + newkeys + end_banner
+ elsif (m = /^(.*?\n|)#{start_banner}(.*?\n|)#{end_banner}(.*)/m.match(oldkeys))
+ newkeys = m[1] + start_banner + newkeys + end_banner + m[3]
+ else
+ newkeys = start_banner + newkeys + end_banner + oldkeys
+ end
+
+ if oldkeys != newkeys then
+ f = File.new(keysfile, 'w')
+ f.write(newkeys)