3 files changed, 9 insertions, 6 deletions

diff --git a/bin/taler-deployment-config-generate b/bin/taler-deployment-config-generate
index 8dd5695..9995d65 100755
--- a/bin/taler-deployment-config-generate
+++ b/bin/taler-deployment-config-generate
@@ -27,14 +27,12 @@ AUDITOR_MASTER_PRIV=$(taler-config -s auditor -o auditor_priv_file -f)
 if [[ ! -f $EXCHANGE_MASTER_PRIV ]] ; then
   mkdir -p $(dirname $EXCHANGE_MASTER_PRIV)
   cp $HOME/deployment/private-keys/${TALER_CONFIG_ENV}-exchange-master.priv $EXCHANGE_MASTER_PRIV
-  chgrp ${TALER_CONFIG_ENV} $EXCHANGE_MASTER_PRIV
   chmod g+rx $EXCHANGE_MASTER_PRIV
 fi
 
 if [[ ! -f $AUDITOR_MASTER_PRIV ]] ; then
   mkdir -p $(dirname $AUDITOR_MASTER_PRIV)
   cp $HOME/deployment/private-keys/${TALER_CONFIG_ENV}-exchange-master.priv $AUDITOR_MASTER_PRIV
-  chgrp ${TALER_CONFIG_ENV} $AUDITOR_MASTER_PRIV
   chmod g+rx $AUDITOR_MASTER_PRIV
 fi
 
diff --git a/bin/taler-deployment-keyup b/bin/taler-deployment-keyup
index 1c487a2..ab5ec30 100755
--- a/bin/taler-deployment-keyup
+++ b/bin/taler-deployment-keyup
@@ -25,10 +25,8 @@ taler-exchange-keyup \
 
 # or-ing with true as user A won't be able to
 # change permissions for user B's files.
-chgrp -R $TALER_CONFIG_ENV $EXCHANGE_LIVE_KEYS/* || true
 chmod -R 070 $EXCHANGE_LIVE_KEYS/* || true
 
-chgrp -R $TALER_CONFIG_ENV $EXCHANGE_WIREFEES/* || true
 chmod -R 070 $EXCHANGE_WIREFEES/* || true
 
 taler-auditor-exchange \
@@ -49,5 +47,4 @@ fi
 
 # or-ing with true as user A won't be able to
 # change permissions for user B's files.
-chgrp -R $TALER_CONFIG_ENV $AUDITOR_BASE_DIR/* || true
 chmod -R 070 $AUDITOR_BASE_DIR/* || true
diff --git a/bin/taler-deployment-shared-data b/bin/taler-deployment-shared-data
index 805fcf6..7f59387 100755
--- a/bin/taler-deployment-shared-data
+++ b/bin/taler-deployment-shared-data
@@ -30,6 +30,15 @@ if ! test -w $SHARED_DATA; then
   exit 0
 fi
 
+# Check if shared-data/ has the right group (test|demo),
+# and set the SETGID permission if so.
+SHARED_DATA_GROUP=$(stat --format "%G" $SHARED_DATA)
+if ! echo $SHARED_DATA_GROUP | grep $TALER_CONFIG_ENV; then
+  echo "$SHARED_DATA has the wrong group ($SHARED_DATA_GROUP), please fix."
+  exit 1
+fi
+chmod g+s $SHARED_DATA
+
 declare -A TALER_DIRS=(
   [MERCHANT_WIRE]=$(dirname $(taler-config -s account-merchant -o wire_response -f))
   [MERCHANT]=$(dirname $(taler-config -s instance-default -o keyfile -f))
@@ -50,5 +59,4 @@ for dir in ${TALER_DIRS[@]}; do
 done
   
 # All dirs will give only the group RWX perms.
-chgrp -R $TALER_CONFIG_ENV $SHARED_DATA
 chmod -R 070 $SHARED_DATA