From 074870dad33d80e78128736f9e89bdfa1a0e08fd Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Tue, 3 Oct 2023 09:26:33 +0200 Subject: login: T5521: home directory owner changed during reboot During system startup the system-login.py script is invoked by vyos-router systemd service. As there is no complete configuration available at this point in time - and the sole purpose of this call is to reset/re-render the system NSS/PAM configs back to default - it accidently also deleted the local useraccounts. Once the VyOS configuration got mounted, users got recreated in alphabetical order and thus UIDs flipped and the /home suddenely belonged to a different account. This commit prevents any mangling with the local userdatabase during VyOS bootup phase. (cherry picked from commit 64d323299586da646ca847e78255ff2cd8464578) --- src/conf_mode/system-login.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'src/conf_mode/system-login.py') diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index 02c97afaa..0dc84039e 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -28,6 +28,7 @@ from vyos.configverify import verify_vrf from vyos.defaults import directories from vyos.template import render from vyos.template import is_ipv4 +from vyos.utils.boot import boot_configuration_complete from vyos.utils.dict import dict_search from vyos.utils.process import cmd from vyos.utils.process import call @@ -278,8 +279,6 @@ def generate(login): if os.path.isfile(tacacs_nss_config_file): os.unlink(tacacs_nss_config_file) - - # NSS must always be present on the system render(nss_config_file, 'login/nsswitch.conf.j2', login, permission=0o644, user='root', group='root') @@ -303,6 +302,12 @@ def generate(login): def apply(login): + # Script is invoked from vyos-router.service during startup. + # While configuration mounting and so on is not yet complete, + # skip any code that messes with the local user database + if not boot_configuration_complete(): + return None + if 'user' in login: for user, user_config in login['user'].items(): # make new user using vyatta shell and make home directory (-m), -- cgit v1.2.3