authorChristian Breunig <christian@breunig.cc>2024-01-01 20:19:09 +0100
committerGitHub <noreply@github.com>2024-01-01 20:19:09 +0100
commit25f2c9c4b1174507b17db4d5e34226f50dbdc781 (patch)
tree9e25103d0ab849de7e116ee9551919a8b009d3a7
parent2bb32b3be32e9a63c4b69c3a362aad8f8bae85a3 (diff)
parent88a77db9ddd7f8322b059fe90fee8fbe85c73022 (diff)
Merge pull request #2734 from vyos/mergify/bp/sagitta/pr-2726
login: T5875: restore home directory permissions only when needed (backport #2726)
-rwxr-xr-xsrc/conf_mode/system_login.py8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/conf_mode/system_login.py b/src/conf_mode/system_login.py
index 95021c8fd..30e823bd4 100755
--- a/src/conf_mode/system_login.py
+++ b/src/conf_mode/system_login.py
@@ -20,6 +20,7 @@ from passlib.hosts import linux_context
from psutil import users
from pwd import getpwall
from pwd import getpwnam
+from pwd import getpwuid
from sys import exit
from time import sleep
@@ -342,8 +343,11 @@ def apply(login):
# XXX: Should we deny using root at all?
home_dir = getpwnam(user).pw_dir
# T5875: ensure UID is properly set on home directory if user is re-added
- if os.path.exists(home_dir):
- chown(home_dir, user=user, recursive=True)
+ # the home directory will always exist, as it's created above by --create-home,
+ # retrieve current owner of home directory and adjust it on demand
+ dir_owner = getpwuid(os.stat(home_dir).st_uid).pw_name
+ if dir_owner != user:
+ chown(home_dir, user=user, recursive=True)
render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2',
user_config, permission=0o600,
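Review bot: `getpwuid(os.stat(home_dir).st_uid)` raises `KeyError` when the UID that owns the directory has no passwd entry, which is plausible in the very case the T5875 comment describes (a home directory left over from an account that was deleted and later re-added under a different UID), so the ownership repair would abort instead of running. Comparing numeric IDs avoids the name lookup entirely: `if os.stat(home_dir).st_uid != getpwnam(user).pw_uid:` followed by the existing `chown(home_dir, user=user, recursive=True)`, which also makes the new `getpwuid` import unnecessary. The check looks only at the top-level directory, so files beneath it that still carry a stale UID are left untouched once the directory itself matches; a short comment stating that this is intended would help the next reader. `apply()` starts and ends outside the hunk, so the `--create-home` call the new comment relies on is not visible here.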