Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Define HOME_BASEDIR node variable #772

Merged
merged 5 commits into from
Jan 17, 2025
Merged

Define HOME_BASEDIR node variable #772

merged 5 commits into from
Jan 17, 2025

Conversation

DavidePrincipi
Copy link
Member

@DavidePrincipi DavidePrincipi commented Dec 16, 2024
edited
Loading

  • Customize the base directory where user's home is created by useradd with a node agent helper command: configure-home-basedir

  • On SELinux the directory must be equivalent of /home, the helper command takes care of SELinux configurations.

  • The HOME_BASEDIR directory must exist, otherwise the add-module action fails.

The helper command validates the DIR argument before configuring HOME_BASEDIR node environment variable with it. The checks are:

  1. DIR must resolve to a filesytem path with no symlink components (validate_home_basedir).
  2. DIR must be world-readable in all its path components (check_permissions).
  3. DIR must be a device mountpoint. The device must not have other mountpoints (check_unique_mountpoint).

If all checks are successful, and the system has SELinux, the SELinux configuration is updated, as documented in selinux-fcontext manpage (update_selinux_customization).

  • ['semanage', 'fcontext', '-a', '-e', '/home', path] make "path" an equivalent of /home.
  • fix its label

Furthermore, if the configured path has a parent with type default_t, configure it too (update_parentdir_selinux_type), as required by semanage docs.

Tested with:

  • /home1
  • /var/lib/nethserver/home

Refs NethServer/dev#7249

@DavidePrincipi
Define HOME_BASEDIR node variable
6d931f5 
- Customize the base directory where user's home is created by useradd.

- The directory must exist, otherwise the custom setting is ignored.

- On SELinux the directory must be equivalent of /home.
@DavidePrincipi DavidePrincipi self-assigned this Jan 13, 2025
@DavidePrincipi DavidePrincipi requested a review from Amygos January 13, 2025 14:28
@DavidePrincipi DavidePrincipi marked this pull request as ready for review January 13, 2025 14:28
@DavidePrincipi DavidePrincipi requested review from gsanchietti and removed request for Amygos and gsanchietti January 13, 2025 14:28
@DavidePrincipi DavidePrincipi marked this pull request as draft January 14, 2025 07:42
@DavidePrincipi
Copy link
Member Author

As @gsanchietti suggests, besides the docs, a helper script is handy in this case.

@DavidePrincipi DavidePrincipi marked this pull request as ready for review January 14, 2025 18:41
Amygos
Amygos approved these changes Jan 16, 2025
View reviewed changes
core/imageroot/var/lib/nethserver/node/bin/configure-home-basedir Outdated
Comment on lines 35 to 42
if args.DIR == "" and not args.check_only:
agent.unset_env('HOME_BASEDIR')
print("The base path for home directories has been reset to OS default.")
else:
home_basedir = validate_home_basedir(args.DIR)
if not args.check_only:
store_configuration(home_basedir)
print("The base path for home directories has been updated.")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In my opinion, it is safer if we add an extra flag to reset the configuration of the path to the system one, eg. -r.

@DavidePrincipi DavidePrincipi requested a review from Amygos January 17, 2025 15:50
@DavidePrincipi DavidePrincipi merged commit 302870f into main Jan 17, 2025
2 checks passed
@DavidePrincipi DavidePrincipi deleted the feat-basedir branch January 17, 2025 16:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Amygos Amygos Amygos approved these changes

@gsanchietti gsanchietti gsanchietti approved these changes

Assignees

@DavidePrincipi DavidePrincipi

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DavidePrincipi @Amygos @gsanchietti