From ad9c6dc0b0f5477535b1cc2a9cb8627aaffe30db Mon Sep 17 00:00:00 2001 From: Filipp Lepalaan Date: Tue, 8 Aug 2017 15:49:07 +0300 Subject: Added root checks to some dscl functions --- machammer/users.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/machammer/users.py b/machammer/users.py index 0066454..623556c 100644 --- a/machammer/users.py +++ b/machammer/users.py @@ -16,6 +16,7 @@ def dscl(*args): def get_info(username): + """Return info about a user""" path = '/Users/' + username s = check_output('/usr/bin/dscl', '-plist', '.', 'read', path) return plistlib.readPlistFromString(s) @@ -52,6 +53,8 @@ def remove_login_item(**kwargs): def create_user(realname, password, username=None, uid=None, gid=20): """Create a user account.""" + assert os.getuid() == 0, "Only root can create users" + if uid is None: uid = nextid() @@ -90,6 +93,8 @@ def hide_user(username, hide_home=True): def delete_user(username, delete_home=True): """Delete a user account.""" + assert os.getuid() == 0, "Only root can delete users" + path = '/Users/' + username userinfo = get_info(username) @@ -103,4 +108,6 @@ def delete_user(username, delete_home=True): def make_admin(username): """Give admin rights to username.""" + assert os.getuid() == 0, "Only root can modify users" + dscl('-append', '/Groups/admin', 'users', username) -- cgit v1.2.3