author | Christian Breunig <christian@breunig.cc> | 2024-01-01 20:19:09 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-01 20:19:09 +0100 |
commit | 25f2c9c4b1174507b17db4d5e34226f50dbdc781 (patch) | |
tree | 9e25103d0ab849de7e116ee9551919a8b009d3a7 | |
parent | 2bb32b3be32e9a63c4b69c3a362aad8f8bae85a3 (diff) | |
parent | 88a77db9ddd7f8322b059fe90fee8fbe85c73022 (diff) | |
Merge pull request #2734 from vyos/mergify/bp/sagitta/pr-2726
login: T5875: restore home directory permissions only when needed (backport #2726)
-rwxr-xr-x | src/conf_mode/system_login.py | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/conf_mode/system_login.py b/src/conf_mode/system_login.py
index 95021c8fd..30e823bd4 100755
--- a/src/conf_mode/system_login.py
+++ b/src/conf_mode/system_login.py
@@ -20,6 +20,7 @@ from passlib.hosts import linux_context
 from psutil import users
 from pwd import getpwall
 from pwd import getpwnam
+from pwd import getpwuid
 from sys import exit
 from time import sleep
@@ -342,8 +343,11 @@ def apply(login):
 # XXX: Should we deny using root at all?
 home_dir = getpwnam(user).pw_dir
 # T5875: ensure UID is properly set on home directory if user is re-added
- if os.path.exists(home_dir):
- chown(home_dir, user=user, recursive=True)
+ # the home directory will always exist, as it's created above by --create-home,
+ # retrieve current owner of home directory and adjust it on demand
+ dir_owner = getpwuid(os.stat(home_dir).st_uid).pw_name
+ if dir_owner != user:
+ chown(home_dir, user=user, recursive=True)
 render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2',
 user_config, permission=0o600, |
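Review bot: In the second hunk, `getpwuid(os.stat(home_dir).st_uid)` raises `KeyError` when the directory's owning UID has no passwd entry. That is a plausible state for a home directory left behind by a deleted user who is then re-added under a new UID, the case the T5875 comment describes, so `apply()` would abort before reaching the `chown`. Comparing numeric IDs avoids the lookup and the name round-trip: `if os.stat(home_dir).st_uid != getpwnam(user).pw_uid:` followed by the existing `chown(home_dir, user=user, recursive=True)`, which also makes the `getpwuid` import from the first hunk unnecessary. Only the top-level directory's owner is inspected, so files deeper in the tree that still carry a stale UID are left as they are once the directory itself matches; a short comment stating that this is intended would help. The body of `apply()` starts and ends outside this hunk.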