napcok/calamares
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

don't set default "users" group on home dirs

Browse Source 
Fixes CAL-345.

Changing group of home dir to the default "users" group might be a security risk
because every user which belongs to the default "users" group
might be able to access private data on home dirs of other users.
This commit is contained in:
codeworkx 2015-11-17 21:55:50 +01:00
parent 3f440ccb5a
commit b412937699
7 changed files with 5 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/modules/users/CreateUserJob.cpp
View File

@ -33,13 +33,11 @@
CreateUserJob::CreateUserJob( const QString& userName, CreateUserJob::CreateUserJob( const QString& userName,
const QString& fullName, const QString& fullName,
bool autologin, bool autologin,
const QString& userGroup,
const QStringList& defaultGroups ) const QStringList& defaultGroups )
: Calamares::Job() : Calamares::Job()
, m_userName( userName ) , m_userName( userName )
, m_fullName( fullName ) , m_fullName( fullName )
, m_autologin( autologin ) , m_autologin( autologin )
, m_userGroup( userGroup )
, m_defaultGroups( defaultGroups ) , m_defaultGroups( defaultGroups )
{ {
} }
@ -151,7 +149,7 @@ CreateUserJob::exec()
targetEnvCall( { "chown", targetEnvCall( { "chown",
"-R", "-R",
QString( "%1:%2" ).arg( m_userName ) QString( "%1:%2" ).arg( m_userName )
.arg( m_userGroup ), .arg( m_userName ),
QString( "/home/%1" ).arg( m_userName ) } ); QString( "/home/%1" ).arg( m_userName ) } );
if ( ec ) if ( ec )
return Calamares::JobResult::error( tr( "Cannot set home directory ownership for user %1." ) return Calamares::JobResult::error( tr( "Cannot set home directory ownership for user %1." )

2
src/modules/users/CreateUserJob.h
View File

@ -30,7 +30,6 @@ public:
CreateUserJob( const QString& userName, CreateUserJob( const QString& userName,
const QString& fullName, const QString& fullName,
bool autologin, bool autologin,
const QString& userGroup,
const QStringList& defaultGroups ); const QStringList& defaultGroups );
QString prettyName() const override; QString prettyName() const override;
QString prettyDescription() const override; QString prettyDescription() const override;
@ -41,7 +40,6 @@ private:
QString m_userName; QString m_userName;
QString m_fullName; QString m_fullName;
bool m_autologin; bool m_autologin;
QString m_userGroup;
QStringList m_defaultGroups; QStringList m_defaultGroups;
}; };

3
src/modules/users/UsersPage.cpp
View File

@ -105,7 +105,7 @@ UsersPage::isReady()
QList< Calamares::job_ptr > QList< Calamares::job_ptr >
UsersPage::createJobs( const QString& defaultUserGroup, const QStringList& defaultGroupsList ) UsersPage::createJobs( const QStringList& defaultGroupsList )
{ {
QList< Calamares::job_ptr > list; QList< Calamares::job_ptr > list;
if ( !isReady() ) if ( !isReady() )
@ -117,7 +117,6 @@ UsersPage::createJobs( const QString& defaultUserGroup, const QStringList& defau
ui->textBoxUsername->text() : ui->textBoxUsername->text() :
ui->textBoxFullName->text(), ui->textBoxFullName->text(),
ui->checkBoxAutoLogin->isChecked(), ui->checkBoxAutoLogin->isChecked(),
defaultUserGroup,
defaultGroupsList ); defaultGroupsList );
list.append( Calamares::job_ptr( j ) ); list.append( Calamares::job_ptr( j ) );

3
src/modules/users/UsersPage.h
View File

@ -40,8 +40,7 @@ public:
bool isReady(); bool isReady();
QList< Calamares::job_ptr > createJobs( const QString& defaultUserGroup, QList< Calamares::job_ptr > createJobs( const QStringList& defaultGroupsList );
const QStringList& defaultGroupsList );
void onActivate(); void onActivate();

10
src/modules/users/UsersViewStep.cpp
View File

@ -115,21 +115,13 @@ UsersViewStep::onLeave()
{ {
m_jobs.clear(); m_jobs.clear();
m_jobs.append( m_widget->createJobs( m_userGroup, m_defaultGroups ) ); m_jobs.append( m_widget->createJobs( m_defaultGroups ) );
} }
void void
UsersViewStep::setConfigurationMap( const QVariantMap& configurationMap ) UsersViewStep::setConfigurationMap( const QVariantMap& configurationMap )
{ {
if ( configurationMap.contains( "userGroup" ) &&
configurationMap.value( "userGroup" ).type() == QVariant::String )
{
m_userGroup = configurationMap.value( "userGroup" ).toString();
}
if ( m_userGroup.isEmpty() )
m_userGroup = QStringLiteral( "users" );
if ( configurationMap.contains( "defaultGroups" ) && if ( configurationMap.contains( "defaultGroups" ) &&
configurationMap.value( "defaultGroups" ).type() == QVariant::List ) configurationMap.value( "defaultGroups" ).type() == QVariant::List )
{ {

1
src/modules/users/UsersViewStep.h
View File

@ -62,7 +62,6 @@ private:
UsersPage* m_widget; UsersPage* m_widget;
QList< Calamares::job_ptr > m_jobs; QList< Calamares::job_ptr > m_jobs;
QString m_userGroup;
QStringList m_defaultGroups; QStringList m_defaultGroups;
}; };

2
src/modules/users/users.conf
View File

@ -1,6 +1,6 @@
--- ---
userGroup: users
defaultGroups: defaultGroups:
- users
- lp - lp
- video - video
- network - network