From 91311a2662190bec3d6113fe0f9fa2389492f561 Mon Sep 17 00:00:00 2001
From: Yannik Schmidt <yannik.schmidt@thermoscan.de>
Date: Tue, 31 Aug 2021 01:01:44 +0200
Subject: [PATCH] add forbidden users to preven collisons with system users

---
 server.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/server.py b/server.py
index 8d6af98..56c1b48 100755
--- a/server.py
+++ b/server.py
@@ -25,6 +25,11 @@ HTTP_INTERNAL_ERR   = 500
 HTTP_EMPTY          = 204
 EMPTY               = ""
 
+FORBIDDEN_USERNAMES = ["root", "bin", "daemon", "sys", "sync", "games", "man", "news", "uucp", 
+                        "proxy", "www-data", "backup", "list", "irc", "gnats", "nobody", "_apt",
+                        "systemd-timesync", "systemd-network", "systemd-resolve", "messagebus",
+                        "docker", "nginx" , "sshd", "flask"]
+
 # unix useradd requires exactly this salt, do not change
 PAM_PASSWD_SALT = "22"
 
@@ -82,6 +87,10 @@ def createUser(webform):
     if error:
         return error
 
+    # forbid system users
+    if username in FORBIDDEN_USERNAMES:
+        return "Error: Username {} is forbidden because it is a special user.".format(username)
+
     subprocess.run(["/usr/bin/sudo", "./scripts/create_user.sh", cryptPass, username])
 
     # track added users to prevent deletion of other users and listing #