Root home fallback for keep users
#47467
Conversation
|
The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with |
…ome directory already exists
eriktate
force-pushed
the
eriktate/allow-keep-user-creation-without-home
branch
from
badc90c
to
65402a6
Compare
There was a problem hiding this comment.
Instead of modifying the existing users home directory, can we leave it as is, but instead of starting a session in /home/user, start it in / like we seem to already do in some cases: https://github.com/gravitational/teleport/blob/master/lib/srv/reexec.go#L1049-L1064?
For the path where we potentially convert an existing user into a |
The end goal is to have the new managed user be created, access to the host to be permitted, and eventually after some manual intervention own the pre-existing home directory. As is stands now with this PR, there is no warning to users that their home directory is/was inaccessible by the newly provisioned user and that we decided to make their home directory |
|
Closing this in favor of #47524 |
This PR falls back to using the root file path as a user's home directory in the case that their expected home directory already exists. This should prevent situations where a user that gets deleted and reprovisioned with a different UID/GID combo is unable to be used as a login for the host.
changelog: Fixed an issue preventing connections when using a newly provisioned host user whose home directory already existed.