Improve authorized_keys check

The old check only looked if authorized_keys exists. With this change, we look
whether we can actually open the file for reading and writing. When this fails
we try to print useful diagnostic information.

1 files changed, 13 insertions, 0 deletions

diff --git a/lib/gitlab_keys.rb b/lib/gitlab_keys.rb
index e1b62ad..446ae9d 100644
--- a/lib/gitlab_keys.rb
+++ b/lib/gitlab_keys.rb
@@ -21,6 +21,7 @@ class GitlabKeys
     when 'rm-key';  rm_key
     when 'list-keys'; puts list_keys
     when 'clear';  clear
+    when 'check-permissions'; check_permissions
     else
       $logger.warn "Attempt to execute invalid gitlab-keys command #{@command.inspect}."
       puts 'not allowed'
@@ -92,6 +93,18 @@ class GitlabKeys
     true
   end
 
+  def check_permissions
+    open_auth_file('r+') { return true }
+  rescue
+    puts "error: could not open #{auth_file}"
+    if File.exist?(auth_file)
+      system('ls', '-l', auth_file)
+    else
+      # Maybe the parent directory is not writable?
+      system('ls', '-ld', File.dirname(auth_file))
+    end
+    false
+  end
 
   def lock(timeout = 10)
     File.open(lock_file, "w+") do |f|