summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-12-29 20:54:29 +0100
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2023-12-30 09:57:14 +0000
commit92ca844d7a0492ecc1464a9bf18eecd72ac6e907 (patch)
treedfa08a7917249c20e0295990bddb5c12fcdb4f43 /src/conf_mode
parent93427954f3abbce755847e61d0dd6471dce1bdd9 (diff)
downloadvyos-1x-92ca844d7a0492ecc1464a9bf18eecd72ac6e907.tar.gz
vyos-1x-92ca844d7a0492ecc1464a9bf18eecd72ac6e907.zip
login: T5875: restore home directory permissions when re-adding user account
After deleting a user account and working with a newly added account, we see that after rebooting in the previously saved configuration, the user is re-added but it's home directory might have an old UID set on the filesystem. This is due to the fact that vyos config does not store UIDs. When adding a user account to the system we now check if the home directory already exists and adjust the ownership to the new UID. (cherry picked from commit 3c990f49e2bf9347bd2cc478995baa995ee822fd)
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/system-login.py6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index cd85a5066..95021c8fd 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -29,6 +29,7 @@ from vyos.defaults import directories
from vyos.template import render
from vyos.template import is_ipv4
from vyos.utils.dict import dict_search
+from vyos.utils.file import chown
from vyos.utils.process import cmd
from vyos.utils.process import call
from vyos.utils.process import rc_cmd
@@ -334,13 +335,16 @@ def apply(login):
command += f' --groups frr,frrvty,vyattacfg,sudo,adm,dip,disk {user}'
try:
cmd(command)
-
# we should not rely on the value stored in
# user_config['home_directory'], as a crazy user will choose
# username root or any other system user which will fail.
#
# XXX: Should we deny using root at all?
home_dir = getpwnam(user).pw_dir
+ # T5875: ensure UID is properly set on home directory if user is re-added
+ if os.path.exists(home_dir):
+ chown(home_dir, user=user, recursive=True)
+
render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2',
user_config, permission=0o600,
formater=lambda _: _.replace("&quot;", '"'),