diff options
author | Christian Breunig <christian@breunig.cc> | 2023-12-30 22:37:27 +0100 |
---|---|---|
committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-01-01 18:15:29 +0000 |
commit | 88a77db9ddd7f8322b059fe90fee8fbe85c73022 (patch) | |
tree | def02fc9a840b977b13bed07a24a19ff07ca236b /src/conf_mode | |
parent | 13fddcfef2f9c13dd6e789fa9e8050011241e2b5 (diff) | |
download | vyos-1x-88a77db9ddd7f8322b059fe90fee8fbe85c73022.tar.gz vyos-1x-88a77db9ddd7f8322b059fe90fee8fbe85c73022.zip |
login: T5875: restore home directory permissions only when needed
This improves commit 3c990f49e ("login: T5875: restore home directory
permissions when re-adding user account") in a way that the home directory
owner is only altered if it differs from the expected owner.
Without this change on every boot we would alter the owner which could increase
the boot time if the home of a user is cluttered.
(cherry picked from commit 1b364428f79b7e4588a000fca40582ef968fc7fd)
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/system_login.py | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/conf_mode/system_login.py b/src/conf_mode/system_login.py index 95021c8fd..30e823bd4 100755 --- a/src/conf_mode/system_login.py +++ b/src/conf_mode/system_login.py @@ -20,6 +20,7 @@ from passlib.hosts import linux_context from psutil import users from pwd import getpwall from pwd import getpwnam +from pwd import getpwuid from sys import exit from time import sleep @@ -342,8 +343,11 @@ def apply(login): # XXX: Should we deny using root at all? home_dir = getpwnam(user).pw_dir # T5875: ensure UID is properly set on home directory if user is re-added - if os.path.exists(home_dir): - chown(home_dir, user=user, recursive=True) + # the home directory will always exist, as it's created above by --create-home, + # retrieve current owner of home directory and adjust it on demand + dir_owner = getpwuid(os.stat(home_dir).st_uid).pw_name + if dir_owner != user: + chown(home_dir, user=user, recursive=True) render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2', user_config, permission=0o600, |