From 868fb51d85439d2cb045cf810f23943c60c42c41 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Tue, 2 Feb 2010 14:57:03 -0800
Subject: Run login update as root
Need ability to open file of new user (to load authorized key). So move sudo to template.
---
lib/Vyatta/Login/User.pm | 21 +++++++++------------
1 file changed, 9 insertions(+), 12 deletions(-)
(limited to 'lib/Vyatta/Login')
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index e0142b3f..b9e2ec98 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -81,11 +81,9 @@ sub _authorized_keys {
 chmod( 0750, $sshdir );
 }
- open( my $auth, '>', "$sshdir/authorized_keys" );
- unless ($auth) {
- warn "open $sshdir/authorized_keys failed: $!";
- return;
- }
+ my $keyfile = "$sshdir/authorized_keys";
+ open( my $auth, '>', $keyfile)
+ or die "open $keyfile failed: $!";
 print {$auth} "# Automatically generated by Vyatta configuration\n";
 print {$auth} "# Do not edit, all changes will be lost\n";
@@ -96,7 +94,7 @@ sub _authorized_keys {
 }
 close $auth;
- chmod( 0640, "$sshdir/authorized_keys" );
+ chmod( 0640, $keyfile );
 }
 sub _delete_user {
@@ -104,15 +102,15 @@ sub _delete_user {
 if ( $user eq 'root' ) {
 warn "Disabling root account, instead of deleting\n";
- system('sudo usermod -p ! root') == 0
+ system('usermod -p ! root') == 0
 or die "usermod of root failed: $?\n";
 } elsif ( getlogin() eq $user ) {
 die "Attempting to delete current user: $user\n";
 } else {
 # This logs out user (so we can delete it)
- system("sudo pkill -u $user");
+ system("pkill -u $user");
- system("sudo userdel $user") == 0
+ system("userdel $user") == 0
 or die "userdel of $user failed: $?\n";
 }
 }
@@ -155,7 +153,6 @@ sub _update_user {
 $cmd = 'useradd -s /bin/vbash -m -N';
 } else {
 # update existing account
- # NB: can't skip because can't read original password
 $cmd = "usermod";
 }
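Review bot: In the first `_authorized_keys` hunk, `open( my $auth, '>', $keyfile)` now runs as root (per the commit message) on a path that is presumably inside the user's own `.ssh` directory, so a symlink sitting at `authorized_keys` would make root truncate and overwrite whatever it points to. Opening without following links closes that gap, e.g. `sysopen( my $auth, $keyfile, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0640 ) or die "open $keyfile failed: $!";` with the flags imported from `Fcntl`; this guards only the final path component, so how `$sshdir` is created outside the hunk matters too. The visible lines never chown the new file, which would leave it root-owned unless that happens elsewhere, and the `chmod( 0640, $keyfile )` in the next hunk works by path after `close` and ignores its result, where `chmod( 0640, $auth )` before the close would apply to the file actually written. The body of `_authorized_keys` starts and ends outside both hunks.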
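Review bot: The `_delete_user` hunk still passes `$user` through a shell, because `system("pkill -u $user")` and `system("userdel $user")` are single-string calls. Before this commit any shell that parsed such a string ran as the invoking user and only the sudo'ed command was privileged; with the script itself running as root, the shell is root too. The list form avoids the shell entirely: `system( 'pkill', '-u', $user );` and `system( 'userdel', $user ) == 0`. The same pattern appears in `system("$cmd $user")` in `_update_user` and in `system("userdel $user")` in `update`; whether `$user` is validated before these calls is not visible in the diff.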
@@ -163,7 +160,7 @@ sub _update_user {
 $cmd .= " -c \"$fname\"" if ( defined $fname );
 $cmd .= " -d \"$home\"" if ( defined $home );
 $cmd .= ' -G ' . join( ',', @groups );
- system("sudo $cmd $user");
+ system("$cmd $user");
 unless ( $? == 0 ) {
 my $reason = $reasons{ ( $? >> 8 ) };
@@ -217,7 +214,7 @@ sub update {
 warn "removing $user not listed in current configuration\n";
 # Remove user account but leave home directory to be safe
- system("sudo userdel $user") == 0
+ system("userdel $user") == 0
 or die "Attempt to delete user $user failed: $!";
 }
 }
-- 
cgit v1.2.3
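Review bot: In the `_update_user` hunk, `$cmd .= " -c \"$fname\""` and `$cmd .= " -d \"$home\""` only wrap the values in shell double quotes, which still expand `$`, backticks and an embedded `"`, and `system("$cmd $user")` now hands that string to a shell running as root. Collecting the arguments in a list and using list-form `system` removes the quoting problem: `push @args, '-c', $fname if defined $fname;`, `push @args, '-d', $home if defined $home;`, `system( @args, '-G', join( ',', @groups ), $user );`. `$cmd` is assembled starting above this hunk, so those earlier lines would have to move to the list as well, and the `unless ( $? == 0 )` block continues past the hunk's end.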
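Review bot: The `die` after `system("userdel $user")` in the `update` hunk reports `$!`, but a command that runs and exits non-zero sets `$?`, so the message will usually carry an unrelated or empty errno. The other `system` checks in this diff report `$?`; `or die "Attempt to delete user $user failed: $?\n";` would match them. The enclosing block in `update` starts and ends outside the hunk.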