tcwg-host: Restrict access to /home/$USER/.ssh directories of users.

Change-Id: Iee82239f4280a908e019f9cf15337f9ee87fa572
author: Maxim Kuvyrkov <maxim.kuvyrkov@linaro.org> 2018-06-05 13:04:48 +0000
committer: Maxim Kuvyrkov <maxim.kuvyrkov@linaro.org> 2018-06-05 13:04:48 +0000
commit: 5f4811ff114af8cf612efd897103401dc1b0f2a8 (patch)
tree: df08e66e5c9b84737f679842673603a70352e26c /xenial-arm64-tcwg-base
parent: 056673649d1fbcf1af617f52b344428b5a84cdf5 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/xenial-arm64-tcwg-base/xenial-arm64-tcwg-host/Dockerfile b/xenial-arm64-tcwg-base/xenial-arm64-tcwg-host/Dockerfile
index 0391db84..e61d551d 100644
--- a/xenial-arm64-tcwg-base/xenial-arm64-tcwg-host/Dockerfile
+++ b/xenial-arm64-tcwg-base/xenial-arm64-tcwg-host/Dockerfile
@@ -4,13 +4,14 @@ FROM linaro/ci-arm64-tcwg-base-ubuntu:xenial
 COPY passwd start.sh /
 COPY home-data/ /home-data/
 
-RUN new-user.sh --group tcwg-infra:9000 && new-user.sh --group primary:10000 \
+RUN new-user.sh --group tcwg-infra:9000 && new-user.sh --group tcwg-users:10000 \
  && while read line; do \
       new-user.sh --passwd "$line"; \
       user=$(echo "$line" | cut -d: -f 1); \
       gid=$(echo "$line" | cut -d: -f 4); \
       chown -R $user:$gid /home-data/$user/; \
+      chmod -R go-rwx /home-data/$user/.ssh/ ; \
       rsync -a /home-data/$user/ /home/$user/; \
     done </passwd \
  && rm -rf /passwd /home-data/
-# checksum: 7658e1f838c8001576f15673556acfe0
+# checksum: 607e7624947eebdea7ed39103e650c61
author	Maxim Kuvyrkov <maxim.kuvyrkov@linaro.org>	2018-06-05 13:04:48 +0000
committer	Maxim Kuvyrkov <maxim.kuvyrkov@linaro.org>	2018-06-05 13:04:48 +0000
commit	5f4811ff114af8cf612efd897103401dc1b0f2a8 (patch)
tree	df08e66e5c9b84737f679842673603a70352e26c /xenial-arm64-tcwg-base
parent	056673649d1fbcf1af617f52b344428b5a84cdf5 (diff)