NAS-131285 / 25.10 / Add API to migrate from root user #15441
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bugclerk
changed the title
This commit adds an API endpoint to migrate root user to one with the specified username and password combination. If password is omitted then the one currently used for root is preserved for the new admin account. Various root account parameters are migrated to the new admin account such as: * ssh keys * password enabled status * two factor authentication configuration and secret * email address * shell * home directory
yocalebo
changed the title
yocalebo
reviewed
Jan 30, 2025
| class UserMigrateRootArgs(BaseModel): | ||
| username: LocalUsername | ||
| """Username of new local user account to which to migration the root account. | ||
| NOTE: user account nust not exist.""" |
There was a problem hiding this comment.
Suggested change
| NOTE: user account nust not exist.""" | |
| NOTE: user account must not exist.""" |
| if filter_list(local_groups, [['group', '=', username]]): | ||
| raise CallError(f'{username!r} group already exists, setting up local administrator is not possible', | ||
| errno.EEXIST) | ||
| # This should be relatively invexpensive even though it's a job since we |
There was a problem hiding this comment.
Suggested change
| # This should be relatively invexpensive even though it's a job since we | |
| # This should be relatively inexpensive even though it's a job since we |
|
|
||
| os.chown(homedir, ADMIN_UID, ADMIN_GID) | ||
| os.chmod(homedir, 0o700) | ||
| home_copy_job = self.middleware.call_sync('user.do_home_copy', '/root', homedir, '700', ADMIN_UID) |
There was a problem hiding this comment.
Because this can take awhile, we should go ahead and print progress via the job object so we have some idea of what's going on. Probably should add job progress for the entirety of this method actually.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit adds an API endpoint to migrate root user to one with the specified username and password combination. If password is omitted then the one currently used for root is preserved for the new admin account. Various root account parameters are migrated to the new admin account such as: