Merge pull request #1538 from YunoHost/change-loginShell

be able to change the loginShell of a user
This commit is contained in:
Alexandre Aubin 2023-01-19 16:25:06 +01:00 committed by GitHub
commit 285200a2c7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 43 additions and 2 deletions

View file

@ -471,6 +471,7 @@
"invalid_number_max": "Must be lesser than {max}",
"invalid_number_min": "Must be greater than {min}",
"invalid_regex": "Invalid regex:'{regex}'",
"invalid_shell": "Invalid shell: {shell}",
"ip6tables_unavailable": "You cannot play with ip6tables here. You are either in a container or your kernel does not support it",
"iptables_unavailable": "You cannot play with iptables here. You are either in a container or your kernel does not support it",
"ldap_attribute_already_exists": "LDAP attribute '{attribute}' already exists with value '{value}'",

View file

@ -116,6 +116,11 @@ user:
pattern: &pattern_mailbox_quota
- !!str ^(\d+[bkMGT])|0$
- "pattern_mailbox_quota"
-s:
full: --loginShell
help: The login shell used
default: "/bin/bash"
### user_delete()
delete:
@ -195,6 +200,10 @@ user:
metavar: "{SIZE|0}"
extra:
pattern: *pattern_mailbox_quota
-s:
full: --loginShell
help: The login shell used
default: "/bin/bash"
### user_info()
info:

View file

@ -123,6 +123,18 @@ def user_list(fields=None):
return {"users": users}
def list_shells():
with open("/etc/shells", "r") as f:
content = f.readlines()
return [line.strip() for line in content if line.startswith("/")]
def shellexists(shell):
"""Check if the provided shell exists and is executable."""
return os.path.isfile(shell) and os.access(shell, os.X_OK)
@is_unit_operation([("username", "user")])
def user_create(
operation_logger,
@ -135,6 +147,7 @@ def user_create(
mailbox_quota="0",
admin=False,
from_import=False,
loginShell=None,
):
if firstname or lastname:
@ -230,6 +243,12 @@ def user_create(
uid = str(random.randint(1001, 65000))
uid_guid_found = uid not in all_uid and uid not in all_gid
if not loginShell:
loginShell = "/bin/bash"
else:
if not shellexists(loginShell) or loginShell not in list_shells():
raise YunohostValidationError("invalid_shell", shell=loginShell)
attr_dict = {
"objectClass": [
"mailAccount",
@ -249,7 +268,7 @@ def user_create(
"gidNumber": [uid],
"uidNumber": [uid],
"homeDirectory": ["/home/" + username],
"loginShell": ["/bin/bash"],
"loginShell": [loginShell],
}
try:
@ -359,6 +378,7 @@ def user_update(
mailbox_quota=None,
from_import=False,
fullname=None,
loginShell=None,
):
if firstname or lastname:
@ -519,6 +539,12 @@ def user_update(
new_attr_dict["mailuserquota"] = [mailbox_quota]
env_dict["YNH_USER_MAILQUOTA"] = mailbox_quota
if loginShell is not None:
if not shellexists(loginShell) or loginShell not in list_shells():
raise YunohostValidationError("invalid_shell", shell=loginShell)
new_attr_dict["loginShell"] = [loginShell]
env_dict["YNH_USER_LOGINSHELL"] = loginShell
if not from_import:
operation_logger.start()
@ -527,6 +553,10 @@ def user_update(
except Exception as e:
raise YunohostError("user_update_failed", user=username, error=e)
# Invalidate passwd and group to update the loginShell
subprocess.call(["nscd", "-i", "passwd"])
subprocess.call(["nscd", "-i", "group"])
# Trigger post_user_update hooks
hook_callback("post_user_update", env=env_dict)
@ -548,7 +578,7 @@ def user_info(username):
ldap = _get_ldap_interface()
user_attrs = ["cn", "mail", "uid", "maildrop", "mailuserquota"]
user_attrs = ["cn", "mail", "uid", "maildrop", "mailuserquota", "loginShell"]
if len(username.split("@")) == 2:
filter = "mail=" + username
@ -566,6 +596,7 @@ def user_info(username):
"username": user["uid"][0],
"fullname": user["cn"][0],
"mail": user["mail"][0],
"loginShell": user["loginShell"][0],
"mail-aliases": [],
"mail-forward": [],
}