diff options
| author | Christian Breunig <christian@breunig.cc> | 2023-12-30 22:37:27 +0100 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2024-01-01 01:00:51 +0100 |
| commit | 1b364428f79b7e4588a000fca40582ef968fc7fd (patch) | |
| tree | 78f5c0b65dc42dcf6e9fda6f914fc0bd5b8a9126 /src/conf_mode/system_login.py | |
| parent | 22d5b2bab254668dd0fe8c543fb1bd0edcbead18 (diff) | |
| download | vyos-1x-1b364428f79b7e4588a000fca40582ef968fc7fd.tar.gz vyos-1x-1b364428f79b7e4588a000fca40582ef968fc7fd.zip | |
login: T5875: restore home directory permissions only when needed
This improves commit 3c990f49e ("login: T5875: restore home directory
permissions when re-adding user account") in a way that the home directory
owner is only altered if it differs from the expected owner.
Without this change on every boot we would alter the owner which could increase
the boot time if the home of a user is cluttered.
Diffstat (limited to 'src/conf_mode/system_login.py')
| -rwxr-xr-x | src/conf_mode/system_login.py | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/conf_mode/system_login.py b/src/conf_mode/system_login.py index f34575aff..3d16bdb4a 100755 --- a/src/conf_mode/system_login.py +++ b/src/conf_mode/system_login.py @@ -20,6 +20,7 @@ from passlib.hosts import linux_context from psutil import users from pwd import getpwall from pwd import getpwnam +from pwd import getpwuid from sys import exit from time import sleep @@ -342,8 +343,11 @@ def apply(login): # XXX: Should we deny using root at all? home_dir = getpwnam(user).pw_dir # T5875: ensure UID is properly set on home directory if user is re-added - if os.path.exists(home_dir): - chown(home_dir, user=user, recursive=True) + # the home directory will always exist, as it's created above by --create-home, + # retrieve current owner of home directory and adjust it on demand + dir_owner = getpwuid(os.stat(home_dir).st_uid).pw_name + if dir_owner != user: + chown(home_dir, user=user, recursive=True) render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2', user_config, permission=0o600, |