From 187ae2cdb841e578c36473c59724c7c1237c0fe6 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 4 Apr 2022 22:21:25 +0200 Subject: login: T4341: disable user account prior to deletion (cherry picked from commit efa753bc661d04967237e7ec3d72d3757230aaf9) --- src/conf_mode/system-login.py | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src/conf_mode') diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index 8aa43dd32..ed4865f22 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -256,6 +256,9 @@ def apply(login): if 'rm_users' in login: for user in login['rm_users']: try: + # Disable user to prevent re-login + call(f'usermod -s /sbin/nologin {user}') + # Logout user if he is still logged in if user in list(set([tmp[0] for tmp in users()])): print(f'{user} is logged in, forcing logout!') -- cgit v1.2.3 From a8d2c25802e2b6f087315a9b43e12654cb4fb68c Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 4 Apr 2022 23:01:38 +0200 Subject: login: T4341: busy wait on userdel(8) until the account was deleted successfully (cherry picked from commit 796178f69ce09e28ab9f20c7b5e1ce97ef00a1ff) --- src/conf_mode/system-login.py | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) (limited to 'src/conf_mode') diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index ed4865f22..aba10689d 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020-2021 VyOS maintainers and contributors +# Copyright (C) 2020-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -23,6 +23,7 @@ from pwd import getpwall from pwd import getpwnam from spwd import getspnam from sys import exit +from time import sleep from vyos.config import Config from vyos.configdict import dict_merge @@ -31,6 +32,7 @@ from vyos.template import render from vyos.template import is_ipv4 from vyos.util import cmd from vyos.util import call +from vyos.util import run from vyos.util import DEVNULL from vyos.util import dict_search from vyos.xml import defaults @@ -262,10 +264,16 @@ def apply(login): # Logout user if he is still logged in if user in list(set([tmp[0] for tmp in users()])): print(f'{user} is logged in, forcing logout!') - call(f'pkill -HUP -u {user}') - - # Remove user account but leave home directory to be safe - call(f'userdel -r {user}', stderr=DEVNULL) + # re-run command until user is logged out + while run(f'pkill -HUP -u {user}'): + sleep(0.250) + + # Remove user account but leave home directory in place. Re-run + # command until user is removed - userdel might return 8 as + # SSH sessions are not all yet properly cleaned away, thus we + # simply re-run the command until the account wen't away + while run(f'userdel --remove {user}', stderr=DEVNULL): + sleep(0.250) except Exception as e: raise ConfigError(f'Deleting user "{user}" raised exception: {e}') -- cgit v1.2.3