authorStephen Hemminger <stephen.hemminger@vyatta.com>2010-01-26 18:09:55 -0800
committerStephen Hemminger <stephen.hemminger@vyatta.com>2010-01-26 18:09:55 -0800
commit471b7e4ada3ab3ce69da161b9546056332b60ce2 (patch)
tree59eeea8e8c9d5141b38b37c9b889cfd3dda0b662 /lib/Vyatta
parentb5bb8c35539d1b108e988d39153abc813c326b0f (diff)
Get rid of protected-users file
Instead of white-listing special system users, just go with the Debian policy that all users with uid < 1000 are system accounts
Diffstat (limited to 'lib/Vyatta')
-rwxr-xr-xlib/Vyatta/Login/User.pm59
1 files changed, 18 insertions, 41 deletions
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index 383978e4..1aee01dd 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -59,43 +59,6 @@ sub _level_groups {
return @groups;
}
-# protected users override file
-my $protected_users = '/opt/vyatta/etc/protected-user';
-
-# Users who MUST not use vbash
-sub _protected_users {
- my @protected;
-
- open my $pfd, '<', $protected_users
- or return;
-
- while (<$pfd>) {
- chomp;
- next unless $_;
-
- push @protected, $_;
- }
- close($pfd);
- return @protected;
-}
-
-# make list of vyatta users (ie. users of vbash)
-sub _vyatta_users {
- my @vusers;
-
- setpwent();
-
- # ($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell,$expire)
- # = getpw*
- while ( my ($name, undef, undef, undef, undef, undef,
- undef, undef, $shell) = getpwent() ) {
- push @vusers, $name if ( $shell eq '/bin/vbash' );
- }
- endpwent();
-
- return @vusers;
-}
-
sub _authorized_keys {
my $user = shift;
my $config = new Vyatta::Config;
@@ -208,6 +171,20 @@ sub _update_user {
}
}
+sub _local_users {
+ my @users;
+
+ setpwent();
+ while ( my ($name, undef, $uid) = getpwent() ) {
+ # Skip system accounts (< SYS_UID_MAX)
+ next if $uid < 1000;
+ push @users, $name;
+ }
+ endpwent();
+
+ return @users;
+}
+
sub update {
my $uconfig = new Vyatta::Config;
$uconfig->setLevel("system login user");
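Review bot: `next if $uid < 1000;` in `_local_users` has no upper bound and no longer checks the shell, so every passwd entry with uid >= 1000 is handed to the cleanup loop in `update`. On Debian `nobody` is uid 65534, and getpwent() also returns entries from any other configured NSS source, so accounts this module never created would be reported as "not listed in current configuration". What happens to such a user after the `warn` is outside the visible hunk, but the comment there says they are removed. I would bound the range to Debian's dynamically allocated user accounts, `next if $uid < 1000 || $uid > 59999;`, and consider keeping the old `$shell eq '/bin/vbash'` test so that only accounts created for the CLI are candidates. The comment `# Skip system accounts (< SYS_UID_MAX)` should also say the threshold is hard-coded rather than read from login.defs.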
@@ -228,11 +205,11 @@ sub update {
_authorized_keys($user);
}
- # Remove any vyatta users that do not exist in current configuration
+ # Remove any normal users that do not exist in current configuration
# This can happen if user added but configuration not saved
- my %protected = map { $_ => 1 } _protected_users();
- foreach my $user ( _vyatta_users() ) {
- next if $protected{$user};
+ # and system is rebooted
+ foreach my $user ( _local_users() ) {
+ # did we see this user in configuration?
next if defined $users{$user};
warn "User $user not listed in current configuration\n";