authorChristian Breunig <christian@breunig.cc>2023-10-03 09:26:33 +0200
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2023-10-03 15:57:29 +0000
commit074870dad33d80e78128736f9e89bdfa1a0e08fd (patch)
treee5477e60216cf0664f1df3333e6c4712dc54a3c5
parent5dc9681ac2792520bb9722e0d44a972578264013 (diff)
login: T5521: home directory owner changed during reboot
During system startup the system-login.py script is invoked by the vyos-router systemd service. As there is no complete configuration available at this point in time - and the sole purpose of this call is to reset/re-render the system NSS/PAM configs back to default - it accidentally also deleted the local user accounts. Once the VyOS configuration got mounted, users got recreated in alphabetical order and thus UIDs flipped and the /home suddenly belonged to a different account. This commit prevents any mangling of the local user database during the VyOS bootup phase. (cherry picked from commit 64d323299586da646ca847e78255ff2cd8464578)
-rwxr-xr-xsrc/conf_mode/system-login.py9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index 02c97afaa..0dc84039e 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -28,6 +28,7 @@ from vyos.configverify import verify_vrf
from vyos.defaults import directories
from vyos.template import render
from vyos.template import is_ipv4
+from vyos.utils.boot import boot_configuration_complete
from vyos.utils.dict import dict_search
from vyos.utils.process import cmd
from vyos.utils.process import call
@@ -278,8 +279,6 @@ def generate(login):
if os.path.isfile(tacacs_nss_config_file):
os.unlink(tacacs_nss_config_file)
-
-
# NSS must always be present on the system
render(nss_config_file, 'login/nsswitch.conf.j2', login,
permission=0o644, user='root', group='root')
@@ -303,6 +302,12 @@ def generate(login):
def apply(login):
+ # Script is invoked from vyos-router.service during startup.
+ # While configuration mounting and so on is not yet complete,
+ # skip any code that messes with the local user database
+ if not boot_configuration_complete():
+ return None
+
if 'user' in login:
for user, user_config in login['user'].items():
# make new user using vyatta shell and make home directory (-m),
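Review bot: The new guard at the top of apply() returns before everything that follows, not only the code that touches the local user database, so any later step in apply() is skipped during boot as well; the body continues outside this hunk, so whether such steps exist cannot be confirmed from here. If apply() also does work the boot-time call needs (the commit message says that call exists to reset the NSS/PAM configuration), the check should wrap only the user add/remove branches instead of returning early. The skip is also silent: boot_configuration_complete() is not shown here, and if it ever reported false on a running system, account changes (presumably including removals) would be dropped with no trace, leaving accounts that were meant to be revoked still usable. A log line before the return would make that visible, or at least a comment such as `# returns before every later step in apply(); account removal is skipped too`.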