Mageia Bugzilla – Attachment 9066 Details for
Bug 618
Installer and userdrake give different permissions to home directories
[patch]
correctly set permissions on the home directory, v1
userdrake_fix_home_perms.diff (text/plain), 4.34 KB, created by
Frédéric "LpSolit" Buclin
on 2017-03-10 22:31:03 CET
Description:
correctly set permissions on the home directory, v1
Filename:
MIME Type:
Creator:
Frédéric "LpSolit" Buclin
Created:
2017-03-10 22:31:03 CET
Size:
4.34 KB
patch
obsolete
>From e359ca9c47c4049eb71e61010405c8cc54944c9d Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Buclin?= <LpSolit@netscape.net>
>Date: Fri, 10 Mar 2017 22:10:29 +0100
>Subject: [PATCH] Correctly set permissions on the home directory when creating
> a new user (mga#618)
>
>---
> NEWS | 3 +++
> USER/USER.xs | 5 +++--
> userdrake | 25 +++++++++++++++++++++++--
> 3 files changed, 29 insertions(+), 4 deletions(-)
>
>diff --git a/NEWS b/NEWS
>index 3f990bd..537816a 100644
>--- a/NEWS
>+++ b/NEWS
>@@ -1,3 +1,6 @@
>+- Correctly set permissions on the home directory
>+ when creating a new user (mga#618)
>+
> Version 2.14 - 24 February 2017
>
> - Do not encrypt the empty password (mga#19318)
>diff --git a/USER/USER.xs b/USER/USER.xs
>index 086580b..ff9fc41 100644
>--- a/USER/USER.xs
>+++ b/USER/USER.xs
>@@ -67,11 +67,12 @@ Admin_DESTROY(self)
> if (self) lu_end(self);
>
> int
>-Admin_UserAdd(self, ent, is_system, dont_create_home)
>+Admin_UserAdd(self, ent, is_system, dont_create_home, homePermissions)
> USER::ADMIN *self
> USER::ENT *ent
> int is_system
> int dont_create_home
>+ short homePermissions
> CODE:
> USER__ERR *error = NULL;
> long uidNumber, gidNumber;
>@@ -114,7 +115,7 @@ Admin_UserAdd(self, ent, is_system, dont_create_home)
> homeDirectory = g_value_get_string(value);
>
> if (lu_homedir_populate(self, skeleton, homeDirectory,
>- uidNumber, gidNumber, 0700,
>+ uidNumber, gidNumber, homePermissions,
> &error) == 0) {
> warn(_("Error creating `%s': %s"), homeDirectory, error ? error->string : "unknown error");
> RETVAL = 2;
>diff --git a/userdrake b/userdrake
>index 5994012..942c622 100755
>--- a/userdrake
>+++ b/userdrake
>@@ -259,6 +259,20 @@ sub is_xguest_installed() {
> -e '/etc/security/namespace.d/xguest.conf';
> }
>
>+# Similar to MDK::Common::System::getVarsFromSh(), but accepts both '=' or whitespaces
>+# as separator (i.e. PARAM=VALUE or PARAM VALUE). Also it only returns relevant parameters
>+# to the caller in the form of a { PARAM => VALUE } hashref.
>+sub get_params {
>+ my ($file, @parameters) = @_;
>+ if (open(my $fh, '<', $file)) {
>+ my @lines = <$fh>;
>+ close $fh;
>+ my $param_list = join('|', @parameters);
>+ my %params = map { /^($param_list)\b(?:=|\s+)(.+)$/; $1 => $2 } grep {/^(?:$param_list)\b/} @lines;
>+ return \%params;
>+ }
>+}
>+
> sub GrayDelEdit() {
> foreach ($tbedit, $tbdel, $buttorcheck{edit}, $buttorcheck{delete}) {
> defined $_ and $_->set_sensitive(0);
>@@ -414,7 +428,10 @@ sub GetFaceIcon {
>
> sub AddUser() {
> my $w = NewWindow(N("Create New User"));
>- my $dontcreatehomedir = 0; my $is_system = 0;
>+ my $dontcreatehomedir = 0;
>+ # Be restrictive by default, and use umask if known.
>+ my $homedir_perms = 0700;
>+ my $is_system = 0;
> my %u;
> gtkpack_($w->get_child,
> 0, BuildUui(),
>@@ -457,6 +474,10 @@ sub AddUser() {
> $dontcreatehomedir = 0;
> $u{homedir} = $us->{o}{homedir}->get_text;
> $userEnt and $userEnt->HomeDir($u{homedir});
>+ # Correctly set permissions on the home directory.
>+ if (my $umask = get_params('/etc/login.defs', qw(UMASK))->{UMASK}) {
>+ $homedir_perms = 0777 &~ oct($umask);
>+ }
> } else {
> $dontcreatehomedir = 1;
> }
>@@ -500,7 +521,7 @@ sub AddUser() {
> $userEnt->Gid($u{gid});
> $userEnt->ShadowMin(-1); $userEnt->ShadowMax(99999);
> $userEnt->ShadowWarn(-1); $userEnt->ShadowInact(-1);
>- $ctx->UserAdd($userEnt, $is_system, $dontcreatehomedir);
>+ $ctx->UserAdd($userEnt, $is_system, $dontcreatehomedir, $homedir_perms);
> $ctx->UserSetPass($userEnt, $u{passwd});
> defined $us->{o}{iconval} and
> any::addKdmIcon($u{username}, $us->{o}{iconval});
>--
>2.10.2
>
From e359ca9c47c4049eb71e61010405c8cc54944c9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Buclin?= <LpSolit@netscape.net>
Date: Fri, 10 Mar 2017 22:10:29 +0100
Subject: [PATCH] Correctly set permissions on the home directory when creating
 a new user (mga#618)

---
 NEWS | 3 +++
 USER/USER.xs | 5 +++--
 userdrake | 25 +++++++++++++++++++++++--
 3 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index 3f990bd..537816a 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+- Correctly set permissions on the home directory
+ when creating a new user (mga#618)
+
 Version 2.14 - 24 February 2017

 - Do not encrypt the empty password (mga#19318)
diff --git a/USER/USER.xs b/USER/USER.xs
index 086580b..ff9fc41 100644
--- a/USER/USER.xs
+++ b/USER/USER.xs
@@ -67,11 +67,12 @@ Admin_DESTROY(self)
 if (self) lu_end(self);

 int
-Admin_UserAdd(self, ent, is_system, dont_create_home)
+Admin_UserAdd(self, ent, is_system, dont_create_home, homePermissions)
 USER::ADMIN *self
 USER::ENT *ent
 int is_system
 int dont_create_home
+ short homePermissions
 CODE:
 USER__ERR *error = NULL;
 long uidNumber, gidNumber;
@@ -114,7 +115,7 @@ Admin_UserAdd(self, ent, is_system, dont_create_home)
 homeDirectory = g_value_get_string(value);

 if (lu_homedir_populate(self, skeleton, homeDirectory,
- uidNumber, gidNumber, 0700,
+ uidNumber, gidNumber, homePermissions,
 &error) == 0) {
 warn(_("Error creating `%s': %s"), homeDirectory, error ? error->string : "unknown error");
 RETVAL = 2;
diff --git a/userdrake b/userdrake
index 5994012..942c622 100755
--- a/userdrake
+++ b/userdrake
@@ -259,6 +259,20 @@ sub is_xguest_installed() {
 -e '/etc/security/namespace.d/xguest.conf';
 }

+# Similar to MDK::Common::System::getVarsFromSh(), but accepts both '=' or whitespaces
+# as separator (i.e. PARAM=VALUE or PARAM VALUE). Also it only returns relevant parameters
+# to the caller in the form of a { PARAM => VALUE } hashref.
+sub get_params {
+ my ($file, @parameters) = @_;
+ if (open(my $fh, '<', $file)) {
+ my @lines = <$fh>;
+ close $fh;
+ my $param_list = join('|', @parameters);
+ my %params = map { /^($param_list)\b(?:=|\s+)(.+)$/; $1 => $2 } grep {/^(?:$param_list)\b/} @lines;
+ return \%params;
+ }
+}
+
 sub GrayDelEdit() {
 foreach ($tbedit, $tbdel, $buttorcheck{edit}, $buttorcheck{delete}) {
 defined $_ and $_->set_sensitive(0);
@@ -414,7 +428,10 @@ sub GetFaceIcon {

 sub AddUser() {
 my $w = NewWindow(N("Create New User"));
- my $dontcreatehomedir = 0; my $is_system = 0;
+ my $dontcreatehomedir = 0;
+ # Be restrictive by default, and use umask if known.
+ my $homedir_perms = 0700;
+ my $is_system = 0;
 my %u;
 gtkpack_($w->get_child,
 0, BuildUui(),
@@ -457,6 +474,10 @@ sub AddUser() {
 $dontcreatehomedir = 0;
 $u{homedir} = $us->{o}{homedir}->get_text;
 $userEnt and $userEnt->HomeDir($u{homedir});
+ # Correctly set permissions on the home directory.
+ if (my $umask = get_params('/etc/login.defs', qw(UMASK))->{UMASK}) {
+ $homedir_perms = 0777 &~ oct($umask);
+ }
 } else {
 $dontcreatehomedir = 1;
 }
@@ -500,7 +521,7 @@ sub AddUser() {
 $userEnt->Gid($u{gid});
 $userEnt->ShadowMin(-1); $userEnt->ShadowMax(99999);
 $userEnt->ShadowWarn(-1); $userEnt->ShadowInact(-1);
- $ctx->UserAdd($userEnt, $is_system, $dontcreatehomedir);
+ $ctx->UserAdd($userEnt, $is_system, $dontcreatehomedir, $homedir_perms);
 $ctx->UserSetPass($userEnt, $u{passwd});
 defined $us->{o}{iconval} and
 any::addKdmIcon($u{username}, $us->{o}{iconval});
--
2.10.2
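Review bot: In `get_params` the `grep` filter is looser than the capturing pattern in the `map`, so a line such as a bare `UMASK` with no value passes the filter, fails the match, and `$1 => $2` then yields stale or undefined captures. Matching once and emitting the pair only on success avoids that: `my %params = map { /^($param_list)\b(?:=|\s+)(.+)$/ ? ($1 => $2) : () } @lines;`. The sub also has no explicit return when `open` fails, while the caller added in `AddUser` dereferences the result directly with `->{UMASK}`; ending the sub with `return {};` keeps that call well defined. `$param_list` is interpolated into the regex unescaped, which is fine for the literal `UMASK` passed in this patch but would need `quotemeta` if a name ever came from elsewhere.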
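Review bot: The value read from `/etc/login.defs` goes straight into `oct()` in the added `if` block of the `@@ -457` hunk, and `oct` also accepts `0x` and `0b` prefixes and silently ignores trailing non-digits, so a malformed UMASK line or one with a trailing comment produces a mode nobody chose. Checking the shape first and keeping the 0700 default otherwise makes the fallback explicit, e.g. `if (($umask // '') =~ /\A([0-7]{1,4})\s*\z/) { $homedir_perms = 0777 & ~oct($1); }`. With the common `UMASK 022` this also widens new home directories from the previous fixed 0700 to 0755, and a value such as `002` gives a group-writable home; if that is the intended policy the comment should say so, otherwise cap the result, for example with `& ~0022`. `AddUser` starts and ends outside this hunk.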
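Review bot: The extra argument passed at `$ctx->UserAdd(...)` in the `@@ -500` hunk is mandatory on the XS side, because the USER/USER.xs hunk declares `homePermissions` without a default; any other caller of `UserAdd` that still passes three arguments would presumably fail with a usage error, and no other callers are visible in this patch. Giving the XS parameter a default keeps the old restrictive mode for them: `Admin_UserAdd(self, ent, is_system, dont_create_home, homePermissions = 0700)`. The parameter is declared `short`, while a permission mode is an unsigned quantity; `unsigned int homePermissions` would avoid a signed narrowing on the way into `lu_homedir_populate`. `AddUser` starts and ends outside this hunk.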