diff options
Diffstat (limited to 'src')
| -rwxr-xr-x | src/conf_mode/system_login.py | 26 | 
1 files changed, 15 insertions, 11 deletions
| diff --git a/src/conf_mode/system_login.py b/src/conf_mode/system_login.py index 49306c894..20121f170 100755 --- a/src/conf_mode/system_login.py +++ b/src/conf_mode/system_login.py @@ -336,27 +336,31 @@ def apply(login):              command += f' --groups frr,frrvty,vyattacfg,sudo,adm,dip,disk,_kea {user}'              try:                  cmd(command) -                # we should not rely on the value stored in -                # user_config['home_directory'], as a crazy user will choose -                # username root or any other system user which will fail. +                # we should not rely on the value stored in user_config['home_directory'], as a +                # crazy user will choose username root or any other system user which will fail.                  #                  # XXX: Should we deny using root at all?                  home_dir = getpwnam(user).pw_dir -                # T5875: ensure UID is properly set on home directory if user is re-added -                # the home directory will always exist, as it's created above by --create-home, -                # retrieve current owner of home directory and adjust it on demand -                dir_owner = getpwuid(os.stat(home_dir).st_uid).pw_name -                if dir_owner != user: -                     chown(home_dir, user=user, recursive=True) - +                # always re-render SSH keys with appropriate permissions                  render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2',                         user_config, permission=0o600,                         formater=lambda _: _.replace(""", '"'),                         user=user, group='users') -              except Exception as e:                  raise ConfigError(f'Adding user "{user}" raised exception: "{e}"') +            # T5875: ensure UID is properly set on home directory if user is re-added +            # the home directory will always exist, as it's created above by --create-home, +            # retrieve current owner of home directory and adjust on demand +            dir_owner = None +            try: +                dir_owner = getpwuid(os.stat(home_dir).st_uid).pw_name +            except: +                pass + +            if dir_owner != user: +                    chown(home_dir, user=user, recursive=True) +              # Generate 2FA/MFA One-Time-Pad configuration              if dict_search('authentication.otp.key', user_config):                  enable_otp = True | 
