authorChristian Breunig <christian@breunig.cc>2024-01-01 09:26:23 +0100
committerGitHub <noreply@github.com>2024-01-01 09:26:23 +0100
commit15e55e4ea9201d9cb2e64c63fd109c9b98509947 (patch)
tree6e53f7c7bee99781df217fd794f3f4594c791359
parent95de314ad99298f7420c657bc0cfdc8624af27ed (diff)
parent1b364428f79b7e4588a000fca40582ef968fc7fd (diff)
Merge pull request #2726 from c-po/login-T5875-part2
login: T5875: restore home directory permissions only when needed
-rwxr-xr-xsrc/conf_mode/system_login.py8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/conf_mode/system_login.py b/src/conf_mode/system_login.py
index f34575aff..3d16bdb4a 100755
--- a/src/conf_mode/system_login.py
+++ b/src/conf_mode/system_login.py
@@ -20,6 +20,7 @@ from passlib.hosts import linux_context
from psutil import users
from pwd import getpwall
from pwd import getpwnam
+from pwd import getpwuid
from sys import exit
from time import sleep
@@ -342,8 +343,11 @@ def apply(login):
# XXX: Should we deny using root at all?
home_dir = getpwnam(user).pw_dir
# T5875: ensure UID is properly set on home directory if user is re-added
- if os.path.exists(home_dir):
- chown(home_dir, user=user, recursive=True)
+ # the home directory will always exist, as it's created above by --create-home,
+ # retrieve current owner of home directory and adjust it on demand
+ dir_owner = getpwuid(os.stat(home_dir).st_uid).pw_name
+ if dir_owner != user:
+ chown(home_dir, user=user, recursive=True)
render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2',
user_config, permission=0o600,
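Review bot: `getpwuid(os.stat(home_dir).st_uid)` raises `KeyError` when the UID that owns the directory has no passwd entry, which is the likely state after a user was deleted and re-added with a different UID (the T5875 case the comment describes); apply() would then abort before the chown and before authorized_keys is rendered. Comparing numeric IDs avoids the name lookup entirely, `if os.stat(home_dir).st_uid != getpwnam(user).pw_uid:`, and makes the new `getpwuid` import unnecessary. The check also looks only at the top-level directory, so files beneath it that are still owned by a stale UID stay untouched once the directory itself matches; if that is intended, the comment should say so. The body of apply() starts and ends outside this hunk.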