diff options
| author | Christian Breunig <christian@breunig.cc> | 2023-12-30 12:00:48 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-12-30 12:00:48 +0100 |
| commit | 865e4290ce1da42df55088bebd3a389cdcf81806 (patch) | |
| tree | dfa08a7917249c20e0295990bddb5c12fcdb4f43 /src/conf_mode | |
| parent | 93427954f3abbce755847e61d0dd6471dce1bdd9 (diff) | |
| parent | 92ca844d7a0492ecc1464a9bf18eecd72ac6e907 (diff) | |
| download | vyos-1x-865e4290ce1da42df55088bebd3a389cdcf81806.tar.gz vyos-1x-865e4290ce1da42df55088bebd3a389cdcf81806.zip | |
Merge pull request #2721 from vyos/mergify/bp/sagitta/pr-2716
login: T5875: restore home directory permissions when re-adding user account (backport #2716)
Diffstat (limited to 'src/conf_mode')
| -rwxr-xr-x | src/conf_mode/system-login.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index cd85a5066..95021c8fd 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -29,6 +29,7 @@ from vyos.defaults import directories from vyos.template import render from vyos.template import is_ipv4 from vyos.utils.dict import dict_search +from vyos.utils.file import chown from vyos.utils.process import cmd from vyos.utils.process import call from vyos.utils.process import rc_cmd @@ -334,13 +335,16 @@ def apply(login): command += f' --groups frr,frrvty,vyattacfg,sudo,adm,dip,disk {user}' try: cmd(command) - # we should not rely on the value stored in # user_config['home_directory'], as a crazy user will choose # username root or any other system user which will fail. # # XXX: Should we deny using root at all? home_dir = getpwnam(user).pw_dir + # T5875: ensure UID is properly set on home directory if user is re-added + if os.path.exists(home_dir): + chown(home_dir, user=user, recursive=True) + render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2', user_config, permission=0o600, formater=lambda _: _.replace(""", '"'), |