diff options
author | Christian Breunig <christian@breunig.cc> | 2023-12-30 12:00:48 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-12-30 12:00:48 +0100 |
commit | 865e4290ce1da42df55088bebd3a389cdcf81806 (patch) | |
tree | dfa08a7917249c20e0295990bddb5c12fcdb4f43 | |
parent | 93427954f3abbce755847e61d0dd6471dce1bdd9 (diff) | |
parent | 92ca844d7a0492ecc1464a9bf18eecd72ac6e907 (diff) | |
download | vyos-1x-865e4290ce1da42df55088bebd3a389cdcf81806.tar.gz vyos-1x-865e4290ce1da42df55088bebd3a389cdcf81806.zip |
Merge pull request #2721 from vyos/mergify/bp/sagitta/pr-2716
login: T5875: restore home directory permissions when re-adding user account (backport #2716)
-rw-r--r-- | python/vyos/utils/file.py | 23 | ||||
-rwxr-xr-x | src/conf_mode/system-login.py | 6 |
2 files changed, 23 insertions, 6 deletions
diff --git a/python/vyos/utils/file.py b/python/vyos/utils/file.py index 9f27a7fb9..0818f1b81 100644 --- a/python/vyos/utils/file.py +++ b/python/vyos/utils/file.py @@ -83,21 +83,34 @@ def read_json(fname, defaultonfailure=None): return defaultonfailure raise e -def chown(path, user, group): +def chown(path, user=None, group=None, recursive=False): """ change file/directory owner """ from pwd import getpwnam from grp import getgrnam - if user is None or group is None: + if user is None and group is None: return False # path may also be an open file descriptor if not isinstance(path, int) and not os.path.exists(path): return False - uid = getpwnam(user).pw_uid - gid = getgrnam(group).gr_gid - os.chown(path, uid, gid) + # keep current value if not specified otherwise + uid = -1 + gid = -1 + + if user: + uid = getpwnam(user).pw_uid + if group: + gid = getgrnam(group).gr_gid + + if recursive: + for dirpath, dirnames, filenames in os.walk(path): + os.chown(dirpath, uid, gid) + for filename in filenames: + os.chown(os.path.join(dirpath, filename), uid, gid) + else: + os.chown(path, uid, gid) return True diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index cd85a5066..95021c8fd 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -29,6 +29,7 @@ from vyos.defaults import directories from vyos.template import render from vyos.template import is_ipv4 from vyos.utils.dict import dict_search +from vyos.utils.file import chown from vyos.utils.process import cmd from vyos.utils.process import call from vyos.utils.process import rc_cmd @@ -334,13 +335,16 @@ def apply(login): command += f' --groups frr,frrvty,vyattacfg,sudo,adm,dip,disk {user}' try: cmd(command) - # we should not rely on the value stored in # user_config['home_directory'], as a crazy user will choose # username root or any other system user which will fail. # # XXX: Should we deny using root at all? home_dir = getpwnam(user).pw_dir + # T5875: ensure UID is properly set on home directory if user is re-added + if os.path.exists(home_dir): + chown(home_dir, user=user, recursive=True) + render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2', user_config, permission=0o600, formater=lambda _: _.replace(""", '"'), |