Diffstat (limited to 'cloudinit')
-rw-r--r--cloudinit/config/cc_users_groups.py31
-rw-r--r--cloudinit/distros/ubuntu.py5
-rw-r--r--cloudinit/util.py8
3 files changed, 26 insertions, 18 deletions
diff --git a/cloudinit/config/cc_users_groups.py b/cloudinit/config/cc_users_groups.py
index 1a428217..62761aa4 100644
--- a/cloudinit/config/cc_users_groups.py
+++ b/cloudinit/config/cc_users_groups.py
@@ -91,21 +91,22 @@ def create_user(user, user_config, log, cloud):
log.info("Creating user %s" % user)
adduser_cmd = ['useradd', user]
+ x_adduser_cmd = adduser_cmd
adduser_opts = {
- "gecos": '-c',
+ "gecos": '--comment',
"homedir": '--home',
- "primary-group": '-g',
- "groups": '-G',
- "passwd": '-p',
- "shell": '-s',
- "expiredate": '-e',
- "inactive": '-f',
+ "primary-group": '--gid',
+ "groups": '--groups',
+ "passwd": '--password',
+ "shell": '--shell',
+ "expiredate": '--expiredate',
+ "inactive": '--inactive',
}
adduser_opts_flags = {
- "no-user-group": '-N',
- "system": '-r',
- "no-log-init": '-l',
+ "no-user-group": '--no-user-group',
+ "system": '--system',
+ "no-log-init": '--no-log-init',
"no-create-home": "-M",
}
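Review bot: `x_adduser_cmd = adduser_cmd` binds a second name to the same list instead of copying it, so every later `extend` or `append` through either name changes both. With the appends added in the next hunk, each option would land in that one list twice, and the list passed to `util.subp` as `logstring` is the same object that carries the real password value, so nothing is redacted. The redaction needs an independent copy: `x_adduser_cmd = list(adduser_cmd)`. Separately, `"no-create-home": "-M"` is the only entry left in short form after the switch to long options. create_user starts above this hunk and continues past it.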
@@ -116,8 +117,15 @@ def create_user(user, user_config, log, cloud):
and type(value).__name__ == "str":
adduser_cmd.extend([adduser_opts[option], value])
+ # Redact the password field from the logs
+ if option != "password":
+ x_adduser_cmd.extend([adduser_opts[option], value])
+ else:
+ x_adduser_cmd.extend([adduser_opts[option], 'REDACTED'])
+
if option in adduser_opts_flags and value:
adduser_cmd.append(adduser_opts_flags[option])
+ x_adduser_cmd.append(adduser_opts_flags[option])
# Default to creating home directory unless otherwise directed
# Also, we do not create home directories for system users.
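Review bot: The redaction test `if option != "password":` can never select the password, because the key defined in `adduser_opts` is `"passwd"`. The value supplied for `passwd` is therefore copied into `x_adduser_cmd` unchanged and ends up in the debug log. The `else` branch is dead for every option that passes the `option in adduser_opts` check, and `adduser_opts["password"]` would raise `KeyError` if it were ever reached. Compare against the real key, `if option != "passwd":`, and add a test asserting that the logged list never contains the supplied value. The `if` these lines belong to begins above the hunk and the page has lost its indentation, so the nesting should be confirmed against the file.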
@@ -129,8 +137,7 @@ def create_user(user, user_config, log, cloud):
# Create the user
try:
- util.subp(adduser_cmd,
- hidden="cloudinit.user_config.cc_users_groups(%s)" % user)
+ util.subp(adduser_cmd, logstring=x_adduser_cmd)
except Exception as e:
log.warn("Failed to create user %s due to error.\n%s" % user)
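Review bot: The `except` branch formats two `%s` placeholders with the single value `user`, so `log.warn(...)` itself raises `TypeError`; the original failure is never reported and `e` goes unused. `log.warn("Failed to create user %s due to error.\n%s" % (user, e))` fixes the formatting. Before logging `e`, confirm that the exception raised by `util.subp` does not embed the full argument list, since that would put the password value in the log by another route. The `try` sits inside create_user, which starts above this hunk.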
diff --git a/cloudinit/distros/ubuntu.py b/cloudinit/distros/ubuntu.py
index e6672c4f..fbca5eb5 100644
--- a/cloudinit/distros/ubuntu.py
+++ b/cloudinit/distros/ubuntu.py
@@ -65,11 +65,12 @@ class Distro(debian.Distro):
'--home', '/home/%s' % self.__default_user_name__,
'--disabled-password',
'--gecos', 'Ubuntu',
- self.__default_user_name__,
+ self.__default_user_name__,
])
pass_string = '%(u)s:%(u)s' % {'u': self.__default_user_name__}
- util.subp(['chpasswd'], pass_string)
+ x_pass_string = '%(u)s:REDACTED' % {'u': self.__default_user_name__}
+ util.subp(['chpasswd'], pass_string, logstring=x_pass_string)
util.subp(['passwd', '-l', self.__default_user_name__])
ubuntu_sudoers="""
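Review bot: `x_pass_string` redacts a value that is not secret, because `pass_string` sets the password to the user name itself. The account therefore has a predictable password until `passwd -l` on the following line locks it, and keeps it if that call fails. A comment on the `chpasswd` line such as `# throwaway password; account is locked immediately below` would record the intent. It is also worth confirming whether `--disabled-password` already leaves the account in the required state, in which case the `chpasswd` step could be dropped. The enclosing method starts above this hunk.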
diff --git a/cloudinit/util.py b/cloudinit/util.py
index 0fbf9832..a7d72d59 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
@@ -1329,17 +1329,17 @@ def delete_dir_contents(dirname):
del_file(node_fullpath)
-def subp(args, data=None, rcs=None, env=None, capture=True, shell=False, hidden=False):
+def subp(args, data=None, rcs=None, env=None, capture=True, shell=False, logstring=False):
if rcs is None:
rcs = [0]
try:
- if not hidden:
+ if not logstring:
LOG.debug(("Running command %s with allowed return codes %s"
" (shell=%s, capture=%s)"), args, rcs, shell, capture)
else:
- LOG.debug(("Running hidden command to protect sensative output "
- " Calling function: %s" ), hidden)
+ LOG.debug(("Running hidden command to protect sensitive input/output "
+ " logstring: %s" ), logstring)
if not capture:
stdout = None