Diffstat (limited to 'cloudinit')
-rw-r--r-- | cloudinit/config/cc_users_groups.py | 31 | ||||
-rw-r--r-- | cloudinit/distros/ubuntu.py | 5 | ||||
-rw-r--r-- | cloudinit/util.py | 8 |
3 files changed, 26 insertions, 18 deletions
diff --git a/cloudinit/config/cc_users_groups.py b/cloudinit/config/cc_users_groups.py index 1a428217..62761aa4 100644 --- a/cloudinit/config/cc_users_groups.py +++ b/cloudinit/config/cc_users_groups.py @@ -91,21 +91,22 @@ def create_user(user, user_config, log, cloud): log.info("Creating user %s" % user) adduser_cmd = ['useradd', user] + x_adduser_cmd = adduser_cmd adduser_opts = { - "gecos": '-c', + "gecos": '--comment', "homedir": '--home', - "primary-group": '-g', - "groups": '-G', - "passwd": '-p', - "shell": '-s', - "expiredate": '-e', - "inactive": '-f', + "primary-group": '--gid', + "groups": '--groups', + "passwd": '--password', + "shell": '--shell', + "expiredate": '--expiredate', + "inactive": '--inactive', } adduser_opts_flags = { - "no-user-group": '-N', - "system": '-r', - "no-log-init": '-l', + "no-user-group": '--no-user-group', + "system": '--system', + "no-log-init": '--no-log-init', "no-create-home": "-M", } @@ -116,8 +117,15 @@ def create_user(user, user_config, log, cloud): and type(value).__name__ == "str": adduser_cmd.extend([adduser_opts[option], value]) + # Redact the password field from the logs + if option != "password": + x_adduser_cmd.extend([adduser_opts[option], value]) + else: + x_adduser_cmd.extend([adduser_opts[option], 'REDACTED']) + if option in adduser_opts_flags and value: adduser_cmd.append(adduser_opts_flags[option]) + x_adduser_cmd.append(adduser_opts_flags[option]) # Default to creating home directory unless otherwise directed # Also, we do not create home directories for system users. @@ -129,8 +137,7 @@ def create_user(user, user_config, log, cloud): # Create the user try: - util.subp(adduser_cmd, - hidden="cloudinit.user_config.cc_users_groups(%s)" % user) + util.subp(adduser_cmd, logstring=x_adduser_cmd) except Exception as e: log.warn("Failed to create user %s due to error.\n%s" % user) diff --git a/cloudinit/distros/ubuntu.py b/cloudinit/distros/ubuntu.py index e6672c4f..fbca5eb5 100644 
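Review bot: `x_adduser_cmd = adduser_cmd` binds a second name to the same list instead of copying it, so the executed command and the logged command can never differ. Every `x_adduser_cmd.extend(...)` and `x_adduser_cmd.append(...)` in the next hunk also lands in `adduser_cmd`: the argv passed to useradd gains duplicated options (and `'REDACTED'` if that branch ever runs), while the list given to the logger still holds the real `--password` value. Use `x_adduser_cmd = list(adduser_cmd)` so the log copy is independent. create_user begins and ends outside this hunk.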
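Review bot: The redaction test `if option != "password":` never takes the else branch for the password option, because the key defined in `adduser_opts` in the previous hunk is `"passwd"`. The password value is therefore copied into the logged command as-is. Compare against the dict key instead, `if option != "passwd":`, ideally with a short comment that the name must match the `adduser_opts` key. Indentation is lost on this page, so confirm the new block sits inside the `option in adduser_opts` condition; outside it, `adduser_opts[option]` would raise KeyError for flag-only options.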
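Review bot: The handler after the changed `util.subp(adduser_cmd, logstring=x_adduser_cmd)` call formats `"Failed to create user %s due to error.\n%s" % user` with two placeholders and one value, so a failed useradd raises TypeError inside the except block instead of logging a warning. `log.warn("Failed to create user %s due to error.\n%s" % (user, e))` would fix the formatting. Before interpolating `e`, check that the exception text raised by subp does not repeat the unredacted argv; that cannot be verified from this hunk.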
--- a/cloudinit/distros/ubuntu.py +++ b/cloudinit/distros/ubuntu.py @@ -65,11 +65,12 @@ class Distro(debian.Distro): '--home', '/home/%s' % self.__default_user_name__, '--disabled-password', '--gecos', 'Ubuntu', - self.__default_user_name__, + self.__default_user_name__, ]) pass_string = '%(u)s:%(u)s' % {'u': self.__default_user_name__} - util.subp(['chpasswd'], pass_string) + x_pass_string = '%(u)s:REDACTED' % {'u': self.__default_user_name__} + util.subp(['chpasswd'], pass_string, logstring=x_pass_string) util.subp(['passwd', '-l', self.__default_user_name__]) ubuntu_sudoers=""" diff --git a/cloudinit/util.py b/cloudinit/util.py index 0fbf9832..a7d72d59 100644 --- a/cloudinit/util.py +++ b/cloudinit/util.py @@ -1329,17 +1329,17 @@ def delete_dir_contents(dirname): del_file(node_fullpath) -def subp(args, data=None, rcs=None, env=None, capture=True, shell=False, hidden=False): +def subp(args, data=None, rcs=None, env=None, capture=True, shell=False, logstring=False): if rcs is None: rcs = [0] try: - if not hidden: + if not logstring: LOG.debug(("Running command %s with allowed return codes %s" " (shell=%s, capture=%s)"), args, rcs, shell, capture) else: - LOG.debug(("Running hidden command to protect sensative output " - " Calling function: %s" ), hidden) + LOG.debug(("Running hidden command to protect sensitive input/output " + " logstring: %s" ), logstring) if not capture: stdout = None |
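Review bot: With `logstring=x_pass_string` the debug line for this call shows only `user:REDACTED` and no longer names the program that ran, which makes the log harder to use when reconstructing what happened on the instance. The debug call visible in the util.py hunk logs `args` and never the stdin `data`, so the secret in `pass_string` was not in that line to begin with. Consider keeping the command in the string, e.g. `logstring="chpasswd (stdin %s)" % x_pass_string`, or dropping `logstring` here if `data` is confirmed not to be logged elsewhere in subp.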
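Review bot: `logstring` replaces the text of this one `LOG.debug` call only, and the rest of subp lies outside the hunk. If the failure path there formats `args` into an exception or error log, a non-zero exit from useradd would still write out the `--password` value; carry `logstring` into that path as well. Renaming the keyword from `hidden` to `logstring` also makes any caller that still passes `hidden=` fail with TypeError, so callers outside these three files are worth a grep. Since the parameter now carries text rather than a flag, `logstring=None` would be a clearer default than `False`.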