Merge pull request #1538 from YunoHost/change-loginShell

be able to change the loginShell of a user
2024-09-03 20:06:10 +02:00 · 2023-01-19 16:25:06 +01:00 · 2023-01-19 16:25:06 +01:00 · 285200a2c7
commit 285200a2c7
parent f1c7c3d237 13be9af65f
3 changed files with 43 additions and 2 deletions
--- a/locales/en.json
+++ b/locales/en.json
@ -471,6 +471,7 @@
    "invalid_number_max": "Must be lesser than {max}",
    "invalid_number_min": "Must be greater than {min}",
    "invalid_regex": "Invalid regex:'{regex}'",
+    "invalid_shell": "Invalid shell: {shell}",
    "ip6tables_unavailable": "You cannot play with ip6tables here. You are either in a container or your kernel does not support it",
    "iptables_unavailable": "You cannot play with iptables here. You are either in a container or your kernel does not support it",
    "ldap_attribute_already_exists": "LDAP attribute '{attribute}' already exists with value '{value}'",
--- a/share/actionsmap.yml
+++ b/share/actionsmap.yml
@ -116,6 +116,11 @@ user:
                        pattern: &pattern_mailbox_quota
                            - !!str ^(\d+[bkMGT])|0$
                            - "pattern_mailbox_quota"
+                -s:
+                    full: --loginShell
+                    help: The login shell used
+                    default: "/bin/bash"
+                    

        ### user_delete()
        delete:
@ -195,6 +200,10 @@ user:
                    metavar: "{SIZE|0}"
                    extra:
                        pattern: *pattern_mailbox_quota
+                -s:
+                    full: --loginShell
+                    help: The login shell used
+                    default: "/bin/bash"

        ### user_info()
        info:
--- a/src/user.py
+++ b/src/user.py
@ -123,6 +123,18 @@ def user_list(fields=None):
    return {"users": users}


+def list_shells():
+    with open("/etc/shells", "r") as f:
+        content = f.readlines()
+
+    return [line.strip() for line in content if line.startswith("/")]
+
+
+def shellexists(shell):
+    """Check if the provided shell exists and is executable."""
+    return os.path.isfile(shell) and os.access(shell, os.X_OK)
+
+
@is_unit_operation([("username", "user")])
 def user_create(
    operation_logger,
@ -135,6 +147,7 @@ def user_create(
    mailbox_quota="0",
    admin=False,
    from_import=False,
+    loginShell=None,
 ):

    if firstname or lastname:
@ -230,6 +243,12 @@ def user_create(
        uid = str(random.randint(1001, 65000))
        uid_guid_found = uid not in all_uid and uid not in all_gid

+    if not loginShell:
+        loginShell = "/bin/bash"
+    else:
+        if not shellexists(loginShell) or loginShell not in list_shells():
+            raise YunohostValidationError("invalid_shell", shell=loginShell)
+
    attr_dict = {
        "objectClass": [
            "mailAccount",
@ -249,7 +268,7 @@ def user_create(
        "gidNumber": [uid],
        "uidNumber": [uid],
        "homeDirectory": ["/home/" + username],
-        "loginShell": ["/bin/bash"],
+        "loginShell": [loginShell],
    }

    try:
@ -359,6 +378,7 @@ def user_update(
    mailbox_quota=None,
    from_import=False,
    fullname=None,
+    loginShell=None,
 ):

    if firstname or lastname:
@ -519,6 +539,12 @@ def user_update(
        new_attr_dict["mailuserquota"] = [mailbox_quota]
        env_dict["YNH_USER_MAILQUOTA"] = mailbox_quota

+    if loginShell is not None:
+        if not shellexists(loginShell) or loginShell not in list_shells():
+            raise YunohostValidationError("invalid_shell", shell=loginShell)
+        new_attr_dict["loginShell"] = [loginShell]
+        env_dict["YNH_USER_LOGINSHELL"] = loginShell
+
    if not from_import:
        operation_logger.start()

@ -527,6 +553,10 @@ def user_update(
    except Exception as e:
        raise YunohostError("user_update_failed", user=username, error=e)

+    # Invalidate passwd and group to update the loginShell
+    subprocess.call(["nscd", "-i", "passwd"])
+    subprocess.call(["nscd", "-i", "group"])
+
    # Trigger post_user_update hooks
    hook_callback("post_user_update", env=env_dict)

@ -548,7 +578,7 @@ def user_info(username):

    ldap = _get_ldap_interface()

-    user_attrs = ["cn", "mail", "uid", "maildrop", "mailuserquota"]
+    user_attrs = ["cn", "mail", "uid", "maildrop", "mailuserquota", "loginShell"]

    if len(username.split("@")) == 2:
        filter = "mail=" + username
@ -566,6 +596,7 @@ def user_info(username):
        "username": user["uid"][0],
        "fullname": user["cn"][0],
        "mail": user["mail"][0],
+        "loginShell": user["loginShell"][0],
        "mail-aliases": [],
        "mail-forward": [],
    }