YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

admins: change migration strategy, recreate 'admin' as a legacy regular user that will be encouraged to manually get rid of

Browse source
This commit is contained in:
Alexandre Aubin 2022-09-30 19:22:29 +02:00
parent fc14f64821
commit 2199d60732
1 changed files with 33 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
src/migrations/0026_new_admins_group.py
View file

@ -1,4 +1,5 @@
import os import os
import subprocess
from moulinette.utils.log import getActionLogger from moulinette.utils.log import getActionLogger
from yunohost.utils.error import YunohostError from yunohost.utils.error import YunohostError
@ -24,7 +25,7 @@ class MyMigration(Migration):
@Migration.ldap_migration @Migration.ldap_migration
def run(self, *args): def run(self, *args):
from yunohost.user import user_list, user_info, user_group_update, user_update from yunohost.user import user_list, user_info, user_group_update, user_update, user_create
from yunohost.utils.ldap import _get_ldap_interface from yunohost.utils.ldap import _get_ldap_interface
ldap = _get_ldap_interface() ldap = _get_ldap_interface()
@ -60,6 +61,8 @@ yunohost tools migrations run""",
user_update(new_admin_user, remove_mailalias=old_admin_aliases_to_remove) user_update(new_admin_user, remove_mailalias=old_admin_aliases_to_remove)
admin_hashs = ldap.search("cn=admin", "", {"userPassword"})[0]["userPassword"]
stuff_to_delete = [ stuff_to_delete = [
"cn=admin,ou=sudo", "cn=admin,ou=sudo",
"cn=admin", "cn=admin",
@ -94,5 +97,34 @@ yunohost tools migrations run""",
if new_admin_user: if new_admin_user:
user_group_update(groupname="admins", add=new_admin_user, sync_perm=True) user_group_update(groupname="admins", add=new_admin_user, sync_perm=True)
# Re-add admin as a regular user
attr_dict = {
"objectClass": [
"mailAccount",
"inetOrgPerson",
"posixAccount",
"userPermissionYnh",
],
"givenName": ["Admin"],
"sn": ["Admin"],
"displayName": ["Admin"],
"cn": ["Admin"],
"uid": ["admin"],
"mail": "",
"maildrop": ["admin"],
"mailuserquota": ["0"],
"userPassword": admin_hashs,
"gidNumber": ["1007"],
"uidNumber": ["1007"],
"homeDirectory": ["/home/admin"],
"loginShell": ["/bin/bash"],
}
ldap.add("uid=admin,ou=users", attr_dict)
user_group_update(groupname="admins", add="admin", sync_perm=True)
subprocess.call(["nscd", "-i", "passwd"])
subprocess.call(["nscd", "-i", "group"])
def run_after_system_restore(self): def run_after_system_restore(self):
self.run() self.run()