From 05e64ea45dedc7206f2054d9821c71d7dc94ef1b Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 15 May 2024 06:19:42 +0900 Subject: home: fix ownership of files copied from skelton directory Fixes #32808. --- src/home/homework.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/home/homework.c b/src/home/homework.c index 7865772db2..af8bcd72a4 100644 --- a/src/home/homework.c +++ b/src/home/homework.c @@ -1059,12 +1059,13 @@ static int home_deactivate(UserRecord *h, bool force) { return 0; } -static int copy_skel(int root_fd, const char *skel) { +static int copy_skel(UserRecord *h, int root_fd, const char *skel) { int r; + assert(h); assert(root_fd >= 0); - r = copy_tree_at(AT_FDCWD, skel, root_fd, ".", UID_INVALID, GID_INVALID, COPY_MERGE|COPY_REPLACE, NULL, NULL); + r = copy_tree_at(AT_FDCWD, skel, root_fd, ".", h->uid, h->gid, COPY_MERGE|COPY_REPLACE, NULL, NULL); if (r == -ENOENT) { log_info("Skeleton directory %s missing, ignoring.", skel); return 0; @@ -1092,7 +1093,7 @@ int home_populate(UserRecord *h, int dir_fd) { assert(h); assert(dir_fd >= 0); - r = copy_skel(dir_fd, user_record_skeleton_directory(h)); + r = copy_skel(h, dir_fd, user_record_skeleton_directory(h)); if (r < 0) return r; -- cgit v1.2.3 From 82260fc4264a75dad54848325b573cf06e210b30 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 15 May 2024 06:34:43 +0900 Subject: test: add tests for "homectl --skel" --- test/units/TEST-46-HOMED.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/test/units/TEST-46-HOMED.sh b/test/units/TEST-46-HOMED.sh index ea718fa37c..61590a1fa4 100755 --- a/test/units/TEST-46-HOMED.sh +++ b/test/units/TEST-46-HOMED.sh @@ -44,6 +44,9 @@ systemctl service-log-level systemd-homed debug mkdir -p /home mount -t tmpfs tmpfs /home -o size=290M +TMP_SKEL=$(mktemp -d) +echo hogehoge >"$TMP_SKEL"/hoge + # we enable --luks-discard= since we run our tests in a tight VM, hence don't # needlessly pressure for storage. We also set the cheapest KDF, since we don't # want to waste CI CPU cycles on it. We also effectively disable rate-limiting on @@ -55,7 +58,8 @@ NEWPASSWORD=xEhErW0ndafV4s homectl create test-user \ --luks-pbkdf-type=pbkdf2 \ --luks-pbkdf-time-cost=1ms \ --rate-limit-interval=1s \ - --rate-limit-burst=1000 + --rate-limit-burst=1000 \ + --skel="$TMP_SKEL" inspect test-user PASSWORD=xEhErW0ndafV4s homectl authenticate test-user @@ -211,6 +215,8 @@ PASSWORD=xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz PASSWORD=xEhErW0ndafV4s homectl with test-user -- rm /home/test-user/xyz PASSWORD=xEhErW0ndafV4s homectl with test-user -- test ! -f /home/test-user/xyz (! PASSWORD=xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz) +[[ $(PASSWORD=xEhErW0ndafV4s homectl with test-user -- stat -c %U /home/test-user/hoge) == "test-user" ]] +[[ $(PASSWORD=xEhErW0ndafV4s homectl with test-user -- cat /home/test-user/hoge) == "$(cat "$TMP_SKEL"/hoge)" ]] # Regression tests wait_for_state test-user inactive -- cgit v1.2.3