authorChristian Breunig <christian@breunig.cc>2023-12-30 22:37:27 +0100
committerChristian Breunig <christian@breunig.cc>2024-01-01 01:00:51 +0100
commit1b364428f79b7e4588a000fca40582ef968fc7fd (patch)
tree78f5c0b65dc42dcf6e9fda6f914fc0bd5b8a9126 /src/conf_mode/system_login.py
parent22d5b2bab254668dd0fe8c543fb1bd0edcbead18 (diff)
login: T5875: restore home directory permissions only when needed
This improves commit 3c990f49e ("login: T5875: restore home directory permissions when re-adding user account") so that the home directory owner is only altered if it differs from the expected owner. Without this change, we would alter the owner on every boot, which could increase the boot time if a user's home directory is cluttered.
Diffstat (limited to 'src/conf_mode/system_login.py')
-rwxr-xr-xsrc/conf_mode/system_login.py8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/conf_mode/system_login.py b/src/conf_mode/system_login.py
index f34575aff..3d16bdb4a 100755
--- a/src/conf_mode/system_login.py
+++ b/src/conf_mode/system_login.py
@@ -20,6 +20,7 @@ from passlib.hosts import linux_context
from psutil import users
from pwd import getpwall
from pwd import getpwnam
+from pwd import getpwuid
from sys import exit
from time import sleep
@@ -342,8 +343,11 @@ def apply(login):
# XXX: Should we deny using root at all?
home_dir = getpwnam(user).pw_dir
# T5875: ensure UID is properly set on home directory if user is re-added
- if os.path.exists(home_dir):
- chown(home_dir, user=user, recursive=True)
+ # the home directory will always exist, as it's created above by --create-home,
+ # retrieve current owner of home directory and adjust it on demand
+ dir_owner = getpwuid(os.stat(home_dir).st_uid).pw_name
+ if dir_owner != user:
+ chown(home_dir, user=user, recursive=True)
render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2',
user_config, permission=0o600,
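Review bot: `getpwuid(os.stat(home_dir).st_uid)` raises KeyError when the UID that owns the directory has no passwd entry. That is the likely state when an account was deleted and re-added under a different UID (the T5875 case), so the commit would fail instead of repairing ownership. Comparing numeric IDs avoids the reverse lookup: `if os.stat(home_dir).st_uid != getpwnam(user).pw_uid:` in front of the existing `chown(home_dir, user=user, recursive=True)`, which also makes the new `getpwuid` import unnecessary. Only the top-level directory's owner is inspected, so files below it that still carry a stale UID stay untouched once the top level matches; a comment stating that trade-off would help, for example `# only the top-level owner is checked; nested files with a stale UID are not detected`. The body of apply() starts and ends outside this hunk.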