diff options
author | Nikita Kosenkov <NKosenkov@IBS.RU> | 2022-09-02 18:02:38 +0300 |
---|---|---|
committer | Nikita Kosenkov <NKosenkov@IBS.RU> | 2022-09-02 18:02:38 +0300 |
commit | a42a48acf811b9536cdc01635a6b8f342a34655e (patch) | |
tree | 10fe722790f22aa334c51d2019633a135ce7de60 /meta-ibs/meta-common/recipes-phosphor/users | |
parent | 8b95d0e092a55e28b933767b92130203a3dbaf09 (diff) | |
download | openbmc-a42a48acf811b9536cdc01635a6b8f342a34655e.tar.xz |
SILABMC-283: phosphor-user-manager: Remove all groups for user with priv-noaccess
Diffstat (limited to 'meta-ibs/meta-common/recipes-phosphor/users')
2 files changed, 45 insertions, 0 deletions
diff --git a/meta-ibs/meta-common/recipes-phosphor/users/phosphor-user-manager/0001-Remove-all-groups-for-user-with-priv-noaccess.patch b/meta-ibs/meta-common/recipes-phosphor/users/phosphor-user-manager/0001-Remove-all-groups-for-user-with-priv-noaccess.patch new file mode 100644 index 0000000000..4b765ee6f9 --- /dev/null +++ b/meta-ibs/meta-common/recipes-phosphor/users/phosphor-user-manager/0001-Remove-all-groups-for-user-with-priv-noaccess.patch @@ -0,0 +1,40 @@ +From db61e3c467904113ac296aeb0e976086a5cdd5a1 Mon Sep 17 00:00:00 2001 +From: Nikita Kosenkov <NKosenkov@IBS.RU> +Date: Fri, 2 Sep 2022 16:44:30 +0300 +Subject: [PATCH] Remove all groups for user with priv-noaccess + +--- + user_mgr.cpp | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/user_mgr.cpp b/user_mgr.cpp +index a5ecb8f..972f943 100644 +--- a/user_mgr.cpp ++++ b/user_mgr.cpp +@@ -308,6 +308,11 @@ void UserMgr::createUser(std::string userName, + std::string groups = getCSVFromVector(groupNames); + bool sshRequested = removeStringFromCSV(groups, grpSsh); + ++ if (priv.empty() || (priv == "priv-noaccess")) ++ { ++ groups = ""; ++ } ++ + // treat privilege as a group - This is to avoid using different file to + // store the same. + if (!priv.empty()) +@@ -435,6 +440,11 @@ void UserMgr::updateGroupsAndPriv(const std::string& userName, + std::string groups = getCSVFromVector(groupNames); + bool sshRequested = removeStringFromCSV(groups, grpSsh); + ++ if (priv.empty() || (priv == "priv-noaccess")) ++ { ++ groups = ""; ++ } ++ + // treat privilege as a group - This is to avoid using different file to + // store the same. + if (!priv.empty()) +-- +2.35.1 + diff --git a/meta-ibs/meta-common/recipes-phosphor/users/phosphor-user-manager_%.bbappend b/meta-ibs/meta-common/recipes-phosphor/users/phosphor-user-manager_%.bbappend new file mode 100644 index 0000000000..658fe27f10 --- /dev/null +++ b/meta-ibs/meta-common/recipes-phosphor/users/phosphor-user-manager_%.bbappend @@ -0,0 +1,5 @@ +FILESEXTRAPATHS:append := "${THISDIR}/${PN}:" + +SRC_URI:append = " \ + file://0001-Remove-all-groups-for-user-with-priv-noaccess.patch \ + "
\ No newline at end of file |