4 files changed, 23 insertions, 21 deletions
diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py
index 910a92a7c..0b57221b2 100755
--- a/src/conf_mode/container.py
+++ b/src/conf_mode/container.py
@@ -262,12 +262,11 @@ def generate_run_arguments(name, container_config):
     restart = container_config['restart']
 
     # Add capability options. Should be in uppercase
-    cap_add = ''
-    if 'cap_add' in container_config:
-        for c in container_config['cap_add']:
-            c = c.upper()
-            c = c.replace('-', '_')
-            cap_add += f' --cap-add={c}'
+    capabilities = ''
+    if 'capability' in container_config:
+        for cap in container_config['capability']:
+            cap = cap.upper().replace('-', '_')
+            capabilities += f' --cap-add={cap}'
 
     # Add a host device to the container /dev/x:/dev/x
     device = ''
@@ -330,7 +329,7 @@ def generate_run_arguments(name, container_config):
             prop = vol_config['propagation']
             volume += f' --volume {svol}:{dvol}:{mode},{prop}'
 
-    container_base_cmd = f'--detach --interactive --tty --replace {cap_add} ' \
+    container_base_cmd = f'--detach --interactive --tty --replace {capabilities} ' \
                          f'--memory {memory}m --shm-size {shared_memory}m --memory-swap 0 --restart {restart} ' \
                          f'--name {name} {hostname} {device} {port} {volume} {env_opt} {label} {uid}'
 
diff --git a/src/conf_mode/service_dhcp-server.py b/src/conf_mode/service_dhcp-server.py
index f4fb78f57..3b9198ed0 100755
--- a/src/conf_mode/service_dhcp-server.py
+++ b/src/conf_mode/service_dhcp-server.py
@@ -165,7 +165,6 @@ def verify(dhcp):
     # Inspect shared-network/subnet
     listen_ok = False
     subnets = []
-    failover_ok = False
     shared_networks =  len(dhcp['shared_network_name'])
     disabled_shared_networks = 0
 
diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py
index 852b714eb..11e950782 100755
--- a/src/conf_mode/service_ipoe-server.py
+++ b/src/conf_mode/service_ipoe-server.py
@@ -68,8 +68,8 @@ def verify(ipoe):
     for interface, iface_config in ipoe['interface'].items():
         verify_interface_exists(interface)
         if 'client_subnet' in iface_config and 'vlan' in iface_config:
-            raise ConfigError('Option "client-subnet" incompatible with "vlan"!'
-                              'Use "ipoe client-ip-pool" instead.')
+            raise ConfigError('Option "client-subnet" and "vlan" are mutually exclusive, '
+                              'use "client-ip-pool" instead!')
 
     verify_accel_ppp_authentication(ipoe, local_users=False)
     verify_accel_ppp_ip_pool(ipoe)
diff --git a/src/conf_mode/system_login.py b/src/conf_mode/system_login.py
index 49306c894..20121f170 100755
--- a/src/conf_mode/system_login.py
+++ b/src/conf_mode/system_login.py
@@ -336,27 +336,31 @@ def apply(login):
             command += f' --groups frr,frrvty,vyattacfg,sudo,adm,dip,disk,_kea {user}'
             try:
                 cmd(command)
-                # we should not rely on the value stored in
-                # user_config['home_directory'], as a crazy user will choose
-                # username root or any other system user which will fail.
+                # we should not rely on the value stored in user_config['home_directory'], as a
+                # crazy user will choose username root or any other system user which will fail.
                 #
                 # XXX: Should we deny using root at all?
                 home_dir = getpwnam(user).pw_dir
-                # T5875: ensure UID is properly set on home directory if user is re-added
-                # the home directory will always exist, as it's created above by --create-home,
-                # retrieve current owner of home directory and adjust it on demand
-                dir_owner = getpwuid(os.stat(home_dir).st_uid).pw_name
-                if dir_owner != user:
-                     chown(home_dir, user=user, recursive=True)
-
+                # always re-render SSH keys with appropriate permissions
                 render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2',
                        user_config, permission=0o600,
                        formater=lambda _: _.replace("&quot;", '"'),
                        user=user, group='users')
-
             except Exception as e:
                 raise ConfigError(f'Adding user "{user}" raised exception: "{e}"')
 
+            # T5875: ensure UID is properly set on home directory if user is re-added
+            # the home directory will always exist, as it's created above by --create-home,
+            # retrieve current owner of home directory and adjust on demand
+            dir_owner = None
+            try:
+                dir_owner = getpwuid(os.stat(home_dir).st_uid).pw_name
+            except:
+                pass
+
+            if dir_owner != user:
+                    chown(home_dir, user=user, recursive=True)
+
             # Generate 2FA/MFA One-Time-Pad configuration
             if dict_search('authentication.otp.key', user_config):
                 enable_otp = True