summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-12-30 22:37:27 +0100
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-01-01 18:15:29 +0000
commit88a77db9ddd7f8322b059fe90fee8fbe85c73022 (patch)
treedef02fc9a840b977b13bed07a24a19ff07ca236b /src/conf_mode
parent13fddcfef2f9c13dd6e789fa9e8050011241e2b5 (diff)
downloadvyos-1x-88a77db9ddd7f8322b059fe90fee8fbe85c73022.tar.gz
vyos-1x-88a77db9ddd7f8322b059fe90fee8fbe85c73022.zip
login: T5875: restore home directory permissions only when needed
This improves commit 3c990f49e ("login: T5875: restore home directory permissions when re-adding user account") in a way that the home directory owner is only altered if it differs from the expected owner. Without this change on every boot we would alter the owner which could increase the boot time if the home of a user is cluttered. (cherry picked from commit 1b364428f79b7e4588a000fca40582ef968fc7fd)
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/system_login.py8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/conf_mode/system_login.py b/src/conf_mode/system_login.py
index 95021c8fd..30e823bd4 100755
--- a/src/conf_mode/system_login.py
+++ b/src/conf_mode/system_login.py
@@ -20,6 +20,7 @@ from passlib.hosts import linux_context
from psutil import users
from pwd import getpwall
from pwd import getpwnam
+from pwd import getpwuid
from sys import exit
from time import sleep
@@ -342,8 +343,11 @@ def apply(login):
# XXX: Should we deny using root at all?
home_dir = getpwnam(user).pw_dir
# T5875: ensure UID is properly set on home directory if user is re-added
- if os.path.exists(home_dir):
- chown(home_dir, user=user, recursive=True)
+ # the home directory will always exist, as it's created above by --create-home,
+ # retrieve current owner of home directory and adjust it on demand
+ dir_owner = getpwuid(os.stat(home_dir).st_uid).pw_name
+ if dir_owner != user:
+ chown(home_dir, user=user, recursive=True)
render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2',
user_config, permission=0o600,