tljh/user.py

"""
User management for tljh.

Supports minimal user & group management
"""
import grp
import pwd
import subprocess
from os.path import expanduser

# Set up plugin infrastructure
from tljh.utils import get_plugin_manager


def ensure_user(username):
    """
    Make sure a given user exists
    """
    # Check if user exists
    try:
        pwd.getpwnam(username)
        # User exists, nothing to do!
        return
    except KeyError:
        # User doesn't exist, time to create!
        pass

    subprocess.check_call(["useradd", "--create-home", username])

    subprocess.check_call(["chmod", "o-rwx", expanduser(f"~{username}")])

    pm = get_plugin_manager()
    pm.hook.tljh_new_user_create(username=username)


def remove_user(username):
    """
    Remove user from system if exists
    """
    try:
        pwd.getpwnam(username)
    except KeyError:
        # User doesn't exist, nothing to do
        return

    subprocess.check_call(["deluser", "--quiet", username])


def ensure_group(groupname):
    """
    Ensure given group exists
    """
    subprocess.check_call(["groupadd", "--force", groupname])


def remove_group(groupname):
    """
    Remove group from system if exists
    """
    try:
        grp.getgrnam(groupname)
    except KeyError:
        # Group doesn't exist, nothing to do
        return

    subprocess.check_call(["delgroup", "--quiet", groupname])


def ensure_user_group(username, groupname):
    """
    Ensure given user is member of given group

    Group and User must already exist.
    """
    group = grp.getgrnam(groupname)
    if username in group.gr_mem:
        return

    subprocess.check_call(["gpasswd", "--add", username, groupname])


def remove_user_group(username, groupname):
    """
    Ensure given user is *not* a member of given group
    """
    group = grp.getgrnam(groupname)
    if username not in group.gr_mem:
        return

    subprocess.check_call(["gpasswd", "--delete", username, groupname])
Use classic unix users rather than systemd dynamic users Dynamic Users are neat and probably very useful for a tmpnb style situation. However, for regular use they have the following problems: 1. Can't set ProtectHome=no, so you can never apt install or similar from inside admin accounts. 2. Dynamic uid / gid makes it hard to write sudo rules. We want admin users to have sudo. 3. Persistent uids / gids are very useful for ad-hoc ACLs between users. gid sharing isn't the most flexible sharing mechanism, but it is well known & quite useful. 4. /etc/skel is pretty useful! 2018-06-26 23:30:06 -07:00			`"""`
			`User management for tljh.`

Don't use sudo for everything We are running as root, and will rely on dropping privs via systemd rather than sudo 2018-06-27 02:07:49 -07:00			`Supports minimal user & group management`
Use classic unix users rather than systemd dynamic users Dynamic Users are neat and probably very useful for a tmpnb style situation. However, for regular use they have the following problems: 1. Can't set ProtectHome=no, so you can never apt install or similar from inside admin accounts. 2. Dynamic uid / gid makes it hard to write sudo rules. We want admin users to have sudo. 3. Persistent uids / gids are very useful for ad-hoc ACLs between users. gid sharing isn't the most flexible sharing mechanism, but it is well known & quite useful. 4. /etc/skel is pretty useful! 2018-06-26 23:30:06 -07:00			`"""`
			`import grp`
add plugin infrastructure to user script 2019-10-24 15:52:37 +02:00			`import pwd`
Use classic unix users rather than systemd dynamic users Dynamic Users are neat and probably very useful for a tmpnb style situation. However, for regular use they have the following problems: 1. Can't set ProtectHome=no, so you can never apt install or similar from inside admin accounts. 2. Dynamic uid / gid makes it hard to write sudo rules. We want admin users to have sudo. 3. Persistent uids / gids are very useful for ad-hoc ACLs between users. gid sharing isn't the most flexible sharing mechanism, but it is well known & quite useful. 4. /etc/skel is pretty useful! 2018-06-26 23:30:06 -07:00			`import subprocess`
Don't create home publicly readable World-Readable seem to be a surprising default for many people, especially in teaching context. Switch to a more reasonable rwxr-x--- We have to issue a chmod, as changing at creation time would require changin /etc/adduser.conf DIR_MODE=0760 (or whatever), but that seem unwise. We do not set the exact permission in case the DIR_MODE is more restrictive. Closing #158 2018-08-29 11:04:07 -07:00			`from os.path import expanduser`
Use classic unix users rather than systemd dynamic users Dynamic Users are neat and probably very useful for a tmpnb style situation. However, for regular use they have the following problems: 1. Can't set ProtectHome=no, so you can never apt install or similar from inside admin accounts. 2. Dynamic uid / gid makes it hard to write sudo rules. We want admin users to have sudo. 3. Persistent uids / gids are very useful for ad-hoc ACLs between users. gid sharing isn't the most flexible sharing mechanism, but it is well known & quite useful. 4. /etc/skel is pretty useful! 2018-06-26 23:30:06 -07:00
add plugin infrastructure to user script 2019-10-24 15:52:37 +02:00			`# Set up plugin infrastructure`
Move plugin manager to utils Fix typo 2019-10-28 08:48:52 +01:00			`from tljh.utils import get_plugin_manager`
add plugin infrastructure to user script 2019-10-24 15:52:37 +02:00
Use classic unix users rather than systemd dynamic users Dynamic Users are neat and probably very useful for a tmpnb style situation. However, for regular use they have the following problems: 1. Can't set ProtectHome=no, so you can never apt install or similar from inside admin accounts. 2. Dynamic uid / gid makes it hard to write sudo rules. We want admin users to have sudo. 3. Persistent uids / gids are very useful for ad-hoc ACLs between users. gid sharing isn't the most flexible sharing mechanism, but it is well known & quite useful. 4. /etc/skel is pretty useful! 2018-06-26 23:30:06 -07:00
			`def ensure_user(username):`
			`"""`
			`Make sure a given user exists`
			`"""`
			`# Check if user exists`
			`try:`
			`pwd.getpwnam(username)`
			`# User exists, nothing to do!`
			`return`
			`except KeyError:`
			`# User doesn't exist, time to create!`
			`pass`

pre-commit: run black with string normalization 2021-11-03 23:55:34 +01:00			`subprocess.check_call(["useradd", "--create-home", username])`
pre-commit: run black without string normalization 2021-11-01 09:42:45 +01:00
pre-commit: run black with string normalization 2021-11-03 23:55:34 +01:00			`subprocess.check_call(["chmod", "o-rwx", expanduser(f"~{username}")])`
Don't create home publicly readable World-Readable seem to be a surprising default for many people, especially in teaching context. Switch to a more reasonable rwxr-x--- We have to issue a chmod, as changing at creation time would require changin /etc/adduser.conf DIR_MODE=0760 (or whatever), but that seem unwise. We do not set the exact permission in case the DIR_MODE is more restrictive. Closing #158 2018-08-29 11:04:07 -07:00
Move plugin manager call to end 2019-12-02 15:58:01 +01:00			`pm = get_plugin_manager()`
move plugin call 2019-10-28 08:43:09 +01:00			`pm.hook.tljh_new_user_create(username=username)`

Use classic unix users rather than systemd dynamic users Dynamic Users are neat and probably very useful for a tmpnb style situation. However, for regular use they have the following problems: 1. Can't set ProtectHome=no, so you can never apt install or similar from inside admin accounts. 2. Dynamic uid / gid makes it hard to write sudo rules. We want admin users to have sudo. 3. Persistent uids / gids are very useful for ad-hoc ACLs between users. gid sharing isn't the most flexible sharing mechanism, but it is well known & quite useful. 4. /etc/skel is pretty useful! 2018-06-26 23:30:06 -07:00
			`def remove_user(username):`
			`"""`
			`Remove user from system if exists`
			`"""`
			`try:`
			`pwd.getpwnam(username)`
			`except KeyError:`
			`# User doesn't exist, nothing to do`
			`return`

pre-commit: run black with string normalization 2021-11-03 23:55:34 +01:00			`subprocess.check_call(["deluser", "--quiet", username])`
Use classic unix users rather than systemd dynamic users Dynamic Users are neat and probably very useful for a tmpnb style situation. However, for regular use they have the following problems: 1. Can't set ProtectHome=no, so you can never apt install or similar from inside admin accounts. 2. Dynamic uid / gid makes it hard to write sudo rules. We want admin users to have sudo. 3. Persistent uids / gids are very useful for ad-hoc ACLs between users. gid sharing isn't the most flexible sharing mechanism, but it is well known & quite useful. 4. /etc/skel is pretty useful! 2018-06-26 23:30:06 -07:00

			`def ensure_group(groupname):`
			`"""`
			`Ensure given group exists`
			`"""`
pre-commit: run black with string normalization 2021-11-03 23:55:34 +01:00			`subprocess.check_call(["groupadd", "--force", groupname])`
Use classic unix users rather than systemd dynamic users Dynamic Users are neat and probably very useful for a tmpnb style situation. However, for regular use they have the following problems: 1. Can't set ProtectHome=no, so you can never apt install or similar from inside admin accounts. 2. Dynamic uid / gid makes it hard to write sudo rules. We want admin users to have sudo. 3. Persistent uids / gids are very useful for ad-hoc ACLs between users. gid sharing isn't the most flexible sharing mechanism, but it is well known & quite useful. 4. /etc/skel is pretty useful! 2018-06-26 23:30:06 -07:00

			`def remove_group(groupname):`
			`"""`
Use gpasswd instead of usermod usermod also calls checkfn, which freaks out when root password has expired. gpasswd does exactly what we want and nothing more. 2018-07-03 17:34:57 -07:00			`Remove group from system if exists`
Use classic unix users rather than systemd dynamic users Dynamic Users are neat and probably very useful for a tmpnb style situation. However, for regular use they have the following problems: 1. Can't set ProtectHome=no, so you can never apt install or similar from inside admin accounts. 2. Dynamic uid / gid makes it hard to write sudo rules. We want admin users to have sudo. 3. Persistent uids / gids are very useful for ad-hoc ACLs between users. gid sharing isn't the most flexible sharing mechanism, but it is well known & quite useful. 4. /etc/skel is pretty useful! 2018-06-26 23:30:06 -07:00			`"""`
			`try:`
			`grp.getgrnam(groupname)`
			`except KeyError:`
			`# Group doesn't exist, nothing to do`
			`return`

pre-commit: run black with string normalization 2021-11-03 23:55:34 +01:00			`subprocess.check_call(["delgroup", "--quiet", groupname])`
Use classic unix users rather than systemd dynamic users Dynamic Users are neat and probably very useful for a tmpnb style situation. However, for regular use they have the following problems: 1. Can't set ProtectHome=no, so you can never apt install or similar from inside admin accounts. 2. Dynamic uid / gid makes it hard to write sudo rules. We want admin users to have sudo. 3. Persistent uids / gids are very useful for ad-hoc ACLs between users. gid sharing isn't the most flexible sharing mechanism, but it is well known & quite useful. 4. /etc/skel is pretty useful! 2018-06-26 23:30:06 -07:00

			`def ensure_user_group(username, groupname):`
			`"""`
			`Ensure given user is member of given group`

			`Group and User must already exist.`
			`"""`
			`group = grp.getgrnam(groupname)`
			`if username in group.gr_mem:`
			`return`

pre-commit: run black with string normalization 2021-11-03 23:55:34 +01:00			`subprocess.check_call(["gpasswd", "--add", username, groupname])`
Use classic unix users rather than systemd dynamic users Dynamic Users are neat and probably very useful for a tmpnb style situation. However, for regular use they have the following problems: 1. Can't set ProtectHome=no, so you can never apt install or similar from inside admin accounts. 2. Dynamic uid / gid makes it hard to write sudo rules. We want admin users to have sudo. 3. Persistent uids / gids are very useful for ad-hoc ACLs between users. gid sharing isn't the most flexible sharing mechanism, but it is well known & quite useful. 4. /etc/skel is pretty useful! 2018-06-26 23:30:06 -07:00

			`def remove_user_group(username, groupname):`
			`"""`
			`Ensure given user is not a member of given group`
			`"""`
			`group = grp.getgrnam(groupname)`
			`if username not in group.gr_mem:`
			`return`

pre-commit: run black with string normalization 2021-11-03 23:55:34 +01:00			`subprocess.check_call(["gpasswd", "--delete", username, groupname])`