From 7d3f36452983f797e42ce4414ba46a3137027bdc Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 16 May 2002 03:50:43 +0000 Subject: Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory where each user gets their own file, which is owned by that user. An old S/Key database may be converted by running "skeyinit -C" as root. Programs that need to access the S/Key database no longer need to be setuid root. They must now be setgid auth instead. --- usr.bin/skeyaudit/Makefile | 6 +++--- usr.bin/skeyaudit/skeyaudit.1 | 14 +++++++------- usr.bin/skeyaudit/skeyaudit.c | 11 ++++------- 3 files changed, 14 insertions(+), 17 deletions(-) (limited to 'usr.bin/skeyaudit') diff --git a/usr.bin/skeyaudit/Makefile b/usr.bin/skeyaudit/Makefile index 967b6727fbb..00f643b060d 100644 --- a/usr.bin/skeyaudit/Makefile +++ b/usr.bin/skeyaudit/Makefile @@ -1,8 +1,8 @@ -# $OpenBSD: Makefile,v 1.2 1997/09/21 11:50:51 deraadt Exp $ +# $OpenBSD: Makefile,v 1.3 2002/05/16 03:50:42 millert Exp $ PROG= skeyaudit -BINOWN= root -BINMODE=4555 +BINGRP= auth +BINMODE=2555 DPADD= ${LIBSKEY} LDADD= -lskey diff --git a/usr.bin/skeyaudit/skeyaudit.1 b/usr.bin/skeyaudit/skeyaudit.1 index 2fa5b00e1fa..30192984c03 100644 --- a/usr.bin/skeyaudit/skeyaudit.1 +++ b/usr.bin/skeyaudit/skeyaudit.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: skeyaudit.1,v 1.8 2000/11/09 17:52:38 aaron Exp $ +.\" $OpenBSD: skeyaudit.1,v 1.9 2002/05/16 03:50:42 millert Exp $ .\" .Dd 22 July 1997 .Dt SKEYAUDIT 1 @@ -13,8 +13,8 @@ .Op Fl l Ar limit .Sh DESCRIPTION .Nm -searches through the file -.Pa /etc/skeykeys +searches through the files in +.Pa /etc/skey for users whose S/Key sequence number is less than .Ar limit , and mails them a reminder to run @@ -25,7 +25,7 @@ The options are as follows: .Bl -tag -width Ds .It Fl a Check all keys in -.Pa /etc/skeykeys . +.Pa /etc/skey This option is only available to the superuser and is useful to run regularly via .Xr cron 8 . 
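Review bot: `BINGRP= auth` together with `BINMODE=2555` in usr.bin/skeyaudit/Makefile carries the whole privilege model of this change, yet nothing in the Makefile says why the setgid bit is there. A one-line comment above them would record it, for example `# setgid auth: reads per-user S/Key entries under /etc/skey; no longer setuid root`. Removing `BINOWN= root` leaves ownership to the build system default. It is worth confirming that the default is still root, because the owner of a setgid file can change its mode.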
@@ -37,9 +37,9 @@ The limit used to determine whether or not a user should be notified. The default is to notify if there are fewer than 12 keys left. .El .Sh FILES -.Bl -tag -width /etc/skeykeys -compact -.It Pa /etc/skeykeys -S/Key key information database +.Bl -tag -width /etc/skey +.It Pa /etc/skey +directory containing user entries for S/Key .El .Sh SEE ALSO .Xr skey 1 , diff --git a/usr.bin/skeyaudit/skeyaudit.c b/usr.bin/skeyaudit/skeyaudit.c index 9a8f576fdf9..900d255cb6c 100644 --- a/usr.bin/skeyaudit/skeyaudit.c +++ b/usr.bin/skeyaudit/skeyaudit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: skeyaudit.c,v 1.12 2002/02/16 21:27:52 millert Exp $ */ +/* $OpenBSD: skeyaudit.c,v 1.13 2002/05/16 03:50:42 millert Exp $ */ /* * Copyright (c) 1997, 2000 Todd C. Miller @@ -58,9 +58,6 @@ main(argc, argv) int ch, errs = 0, left = 0, aflag = 0, iflag = 0, limit = 12; char *name; - if (geteuid() != 0) - errx(1, "must be setuid root"); - while ((ch = getopt(argc, argv, "ail:")) != -1) switch(ch) { case 'a': @@ -100,7 +97,7 @@ main(argc, argv) notify(pw, left, iflag); } if (ch == -1) - errx(-1, "cannot open %s", _PATH_SKEYKEYS); + errx(-1, "cannot open %s", _PATH_SKEYDIR); else (void)fclose(key.keyfile); } else { @@ -116,11 +113,11 @@ main(argc, argv) left = key.n - 1; break; case -1: /* File error */ - errx(errs, "cannot open %s", _PATH_SKEYKEYS); + errx(errs, "cannot open %s", _PATH_SKEYDIR); break; case 1: /* Unknown user */ warnx("%s is not listed in %s", name, - _PATH_SKEYKEYS); + _PATH_SKEYDIR); } (void)fclose(key.keyfile); -- cgit v1.2.3
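Review bot: With the `geteuid() != 0` guard removed from the top of main() in skeyaudit.c, nothing in the visible code tells the user that the binary was installed without its setgid-auth bit. That condition now surfaces only through the later `cannot open` messages. Because the program still mails users through notify() (body not shown), it is worth confirming that the auth group privilege is held only while the S/Key files are read and is given up before any mailer is started. A short comment above the getopt loop, such as `/* needs egid auth to read _PATH_SKEYDIR; no longer setuid root */`, would record the new requirement. main() begins and ends outside this hunk.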
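Review bot: `errx(-1, "cannot open %s", _PATH_SKEYDIR);` in the -100 hunk of skeyaudit.c discards errno and exits with status 255, so a missing directory, a permission failure from a lost setgid bit and an unreadable per-user file all produce the same message. The message also names the directory even when the failing object may be one user's file inside it. `err(1, "cannot open %s", _PATH_SKEYDIR);` would print the reason and use the exit status seen elsewhere in the file, assuming the libskey call leaves errno intact (not visible here). The same applies to `errx(errs, "cannot open %s", _PATH_SKEYDIR);` in the `case -1` arm of the -116 hunk, where the exit status depends on the value of `errs`.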
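Review bot: `(void)fclose(key.keyfile);` after the switch in the -116 hunk of skeyaudit.c is still reached from the `case 1` (unknown user) arm, which only calls warnx() and falls out of the switch. With one file per user, an unlisted user plausibly means no file was opened. If skeylookup() leaves `key.keyfile` NULL in that case (its body is not shown), this passes NULL to fclose(), which is undefined behaviour. Guard the call with `if (key.keyfile != NULL) (void)fclose(key.keyfile);`, or close the file only in the `case 0` arm. The enclosing else-block starts before this hunk.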