author | Christian Breunig <christian@breunig.cc> | 2024-01-01 09:26:23 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-01 09:26:23 +0100 |
commit | 15e55e4ea9201d9cb2e64c63fd109c9b98509947 (patch) | |
tree | 6e53f7c7bee99781df217fd794f3f4594c791359 | |
parent | 95de314ad99298f7420c657bc0cfdc8624af27ed (diff) | |
parent | 1b364428f79b7e4588a000fca40582ef968fc7fd (diff) | |
Merge pull request #2726 from c-po/login-T5875-part2
login: T5875: restore home directory permissions only when needed
-rwxr-xr-x | src/conf_mode/system_login.py | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/conf_mode/system_login.py b/src/conf_mode/system_login.py index f34575aff..3d16bdb4a 100755 --- a/src/conf_mode/system_login.py +++ b/src/conf_mode/system_login.py @@ -20,6 +20,7 @@ from passlib.hosts import linux_context from psutil import users from pwd import getpwall from pwd import getpwnam +from pwd import getpwuid from sys import exit from time import sleep @@ -342,8 +343,11 @@ def apply(login): # XXX: Should we deny using root at all? home_dir = getpwnam(user).pw_dir # T5875: ensure UID is properly set on home directory if user is re-added - if os.path.exists(home_dir): - chown(home_dir, user=user, recursive=True) + # the home directory will always exist, as it's created above by --create-home, + # retrieve current owner of home directory and adjust it on demand + dir_owner = getpwuid(os.stat(home_dir).st_uid).pw_name + if dir_owner != user: + chown(home_dir, user=user, recursive=True) render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2', user_config, permission=0o600, |
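Review bot: The added `getpwuid(os.stat(home_dir).st_uid).pw_name` lookup in the second hunk raises `KeyError` when the directory's owning UID has no passwd entry. That is plausible in the re-added-user case the T5875 comment names (a leftover home directory still owned by the deleted account's UID), and apply() would then abort before the chown and before `authorized_keys` is rendered. Comparing numeric IDs avoids the name lookup: `if os.stat(home_dir).st_uid != getpwnam(user).pw_uid:` followed by the existing `chown(home_dir, user=user, recursive=True)`; the new `from pwd import getpwuid` import in the first hunk would then be unnecessary. Only the top-level directory's owner is tested, so a tree whose root already belongs to the user but whose contents do not is no longer corrected; if that is intended, the comment should say so. apply() starts and ends outside the hunk.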