author | Christian Breunig <christian@breunig.cc> | 2023-12-29 20:54:29 +0100 |
---|---|---|
committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2023-12-30 09:57:14 +0000 |
commit | 92ca844d7a0492ecc1464a9bf18eecd72ac6e907 (patch) | |
tree | dfa08a7917249c20e0295990bddb5c12fcdb4f43 /src/conf_mode | |
parent | 93427954f3abbce755847e61d0dd6471dce1bdd9 (diff) | |
login: T5875: restore home directory permissions when re-adding user account
After deleting a user account and working with a newly added account, we see
that after rebooting in the previously saved configuration, the user is
re-added but its home directory might have an old UID set on the filesystem.
This is due to the fact that vyos config does not store UIDs. When adding a
user account to the system we now check if the home directory already exists
and adjust the ownership to the new UID.
(cherry picked from commit 3c990f49e2bf9347bd2cc478995baa995ee822fd)
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/system-login.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index cd85a5066..95021c8fd 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -29,6 +29,7 @@ from vyos.defaults import directories from vyos.template import render from vyos.template import is_ipv4 from vyos.utils.dict import dict_search +from vyos.utils.file import chown from vyos.utils.process import cmd from vyos.utils.process import call from vyos.utils.process import rc_cmd @@ -334,13 +335,16 @@ def apply(login): command += f' --groups frr,frrvty,vyattacfg,sudo,adm,dip,disk {user}' try: cmd(command) - # we should not rely on the value stored in # user_config['home_directory'], as a crazy user will choose # username root or any other system user which will fail. # # XXX: Should we deny using root at all? home_dir = getpwnam(user).pw_dir + # T5875: ensure UID is properly set on home directory if user is re-added + if os.path.exists(home_dir): + chown(home_dir, user=user, recursive=True) + render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2', user_config, permission=0o600, formater=lambda _: _.replace(""", '"'), |
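Review bot: The recursive `chown(home_dir, user=user, recursive=True)` added in `apply()` presumably runs with root privileges over a tree whose contents were written by the previous owner of that directory, and the hunk does not show whether `vyos.utils.file.chown` dereferences symlinks; if it does, a link left inside the home directory would cause the link's target to change ownership as well. It is worth confirming that the helper uses lchown semantics (`follow_symlinks=False`) in the recursive case. The guard is also only `os.path.exists(home_dir)`, so the walk appears to run on every pass through this code rather than only when the UID changed; `if os.path.exists(home_dir) and os.stat(home_dir).st_uid != getpwnam(user).pw_uid:` would limit it to the re-added case the commit message describes. The body of `apply()` starts and ends outside the hunk, so whether this path is also reached for accounts that already exist, or for the system-user names the existing comment worries about, cannot be seen here.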