From 7c07af289b77ce9ae2e20c6f2638a54e63f016ef Mon Sep 17 00:00:00 2001
From: Scott Moser <smoser@brickies.net>
Date: Wed, 6 Mar 2019 20:23:35 +0000
Subject: Support locking user with usermod if passwd is not available.

In some cases, the 'passwd' command might not be available, but
'usermod' might be.  In debian systems both are provided by the
'passwd' package.  In Redhat/Centos passwd comes from 'passwd' package
while 'usermod' comes from `shadow-utils`

This should just support either one with no real cost other than
the check.
---
 cloudinit/distros/__init__.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

(limited to 'cloudinit/distros')

diff --git a/cloudinit/distros/__init__.py b/cloudinit/distros/__init__.py
index ef618c28..20c994dc 100644
--- a/cloudinit/distros/__init__.py
+++ b/cloudinit/distros/__init__.py
@@ -577,11 +577,16 @@ class Distro(object):
         """
         Lock the password of a user, i.e., disable password logins
         """
+        # passwd must use short '-l' due to SLES11 lacking long form '--lock'
+        lock_tools = (['passwd', '-l', name], ['usermod', '--lock', name])
         try:
-            # Need to use the short option name '-l' instead of '--lock'
-            # (which would be more descriptive) since SLES 11 doesn't know
-            # about long names.
-            util.subp(['passwd', '-l', name])
+            cmd = next(l for l in lock_tools if util.which(l[0]))
+        except StopIteration:
+            raise RuntimeError((
+                "Unable to lock user account '%s'. No tools available. "
+                "  Tried: %s.") % (name, [c[0] for c in lock_tools]))
+        try:
+            util.subp(cmd)
         except Exception as e:
             util.logexc(LOG, 'Failed to disable password for user %s', name)
             raise e
-- 
cgit v1.2.3