From 1b364428f79b7e4588a000fca40582ef968fc7fd Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sat, 30 Dec 2023 22:37:27 +0100 Subject: login: T5875: restore home directory permissions only when needed This improves commit 3c990f49e ("login: T5875: restore home directory permissions when re-adding user account") in a way that the home directory owner is only altered if it differs from the expected owner. Without this change on every boot we would alter the owner which could increase the boot time if the home of a user is cluttered. --- src/conf_mode/system_login.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/conf_mode/system_login.py b/src/conf_mode/system_login.py index f34575aff..3d16bdb4a 100755 --- a/src/conf_mode/system_login.py +++ b/src/conf_mode/system_login.py @@ -20,6 +20,7 @@ from passlib.hosts import linux_context from psutil import users from pwd import getpwall from pwd import getpwnam +from pwd import getpwuid from sys import exit from time import sleep @@ -342,8 +343,11 @@ def apply(login): # XXX: Should we deny using root at all? home_dir = getpwnam(user).pw_dir # T5875: ensure UID is properly set on home directory if user is re-added - if os.path.exists(home_dir): - chown(home_dir, user=user, recursive=True) + # the home directory will always exist, as it's created above by --create-home, + # retrieve current owner of home directory and adjust it on demand + dir_owner = getpwuid(os.stat(home_dir).st_uid).pw_name + if dir_owner != user: + chown(home_dir, user=user, recursive=True) render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2', user_config, permission=0o600, -- cgit v1.2.3