From: Mark Wooding
Date: Sun, 31 Jul 2011 17:28:36 +0000 (+0100)
Subject: bin/make-ca-key, lib/func.sh: Make user and group names configurable.
X-Git-Url: https://git.distorted.org.uk/~mdw/ca/commitdiff_plain/ab54a4bc04d35bcf6c0574055a998434f1c3055b

bin/make-ca-key, lib/func.sh: Make user and group names configurable.

This makes testing in a sandpit much easier. The defaults are good, so I've left the configuration file out of the repository.
---

diff --git a/.gitignore b/.gitignore
index d7e6d72..aa429de 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ index
 private
 state
 tmp
+etc/config
diff --git a/bin/make-ca-key b/bin/make-ca-key
index bb3f83b..d24a902 100755
--- a/bin/make-ca-key
+++ b/bin/make-ca-key
@@ -3,6 +3,7 @@ set -e
 certroot=$(cd ${0%/*}/..; pwd)
 cd "$certroot"
+. lib/func.sh
 umask 022
 ## Archive any existing CA.
@@ -27,7 +28,7 @@ rm -f ca.cert distorted.crl
 ## Build a new one.
 mkdir -m750 private
 mkdir -m775 certs crls index index/byhash index/byserial state tmp
-chown root:ca certs crls index index/byhash index/byserial private state tmp
+chown $ca_owner:$ca_group certs crls index index/byhash index/byserial private state tmp
 touch state/db
 echo 01 >state/serial
 echo 01 >state/crlnumber
@@ -41,5 +42,5 @@ umask 027
 openssl req -new -config openssl.conf -x509 -days 3650 \
 -out ca.cert -keyout private/ca.key \
 -subj "$subject"
-chown root:ca private/ca.key
+chown $ca_owner:$ca_group private/ca.key
 chmod 644 ca.cert
diff --git a/lib/func.sh b/lib/func.sh
index 3cfd55e..90e643c 100644
--- a/lib/func.sh
+++ b/lib/func.sh
@@ -1,5 +1,9 @@
 ### -*-sh-*-
+## Set up configuration.
+ca_user=ca ca_group=ca ca_owner=root
+if [ -f etc/config ]; then . etc/config; fi
+
 runas_ca () {
 ## runas_ca
 ##
@@ -7,8 +11,8 @@ runas_ca () {
 ## to run as root against untrusted input -- especially OpenSSL's one.
 case $(id -un) in
- ca) ;;
- *) exec sudo -u ca "$0" "$@" ;;
+ $ca_user) ;;
+ *) exec sudo -u $ca_user "$0" "$@" ;;
 esac
 }
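Review bot: In bin/make-ca-key the new `chown $ca_owner:$ca_group certs crls ...` leaves both expansions unquoted, and the same applies to `chown $ca_owner:$ca_group private/ca.key` in the last hunk of that file. Now that the values can come from etc/config, a value containing whitespace or a glob character is word-split, so the owner spec breaks apart and the stray words are taken as further paths to chown. Quoting keeps the spec a single argument: `chown "$ca_owner:$ca_group" certs crls index index/byhash index/byserial private state tmp` and `chown "$ca_owner:$ca_group" private/ca.key`.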
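Review bot: In the first lib/func.sh hunk, `. etc/config` executes the file as shell code in whatever process sources func.sh, and bin/make-ca-key now sources it in a script that chowns files to `root` and so presumably runs as root. Nothing visible checks who owns etc/config or who may write to it; if the `ca` user or group can modify the file or the etc/ directory (their modes are not shown in this patch), the privilege separation that runas_ca exists for is undone. I would document the requirement directly above the line, e.g. `## etc/config is sourced as shell, possibly as root: keep it and etc/ owned by root and not group- or world-writable.` The path is also relative, so it only resolves as intended when the caller has already changed to the CA root, as make-ca-key does with `cd "$certroot"`.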
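Review bot: In runas_ca (second lib/func.sh hunk) the new pattern `$ca_user)` is unquoted, so the shell treats the configured value as a glob pattern rather than a literal name; a value such as `*` would match every user, root included, and the `sudo` re-exec that drops privilege would be skipped. Quote both uses: `"$ca_user") ;;` and `*) exec sudo -u "$ca_user" "$0" "$@" ;;`. An empty `ca_user` is also worth rejecting before the `case`, since with the unquoted expansion `sudo -u` would take `"$0"` as the user name. The body of runas_ca starts above this hunk.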