add forbidden users to preven collisons with system users

2025-12-06 19:41:38 +01:00 · 2021-08-31 01:01:44 +02:00
parent e90cec3e52
commit 91311a2662
1 changed files with 9 additions and 0 deletions
--- a/server.py
+++ b/server.py
@@ -25,6 +25,11 @@ HTTP_INTERNAL_ERR   = 500
 HTTP_EMPTY          = 204
 EMPTY               = ""

+FORBIDDEN_USERNAMES = ["root", "bin", "daemon", "sys", "sync", "games", "man", "news", "uucp", 
+                        "proxy", "www-data", "backup", "list", "irc", "gnats", "nobody", "_apt",
+                        "systemd-timesync", "systemd-network", "systemd-resolve", "messagebus",
+                        "docker", "nginx" , "sshd", "flask"]
+
 # unix useradd requires exactly this salt, do not change
 PAM_PASSWD_SALT = "22"

@@ -82,6 +87,10 @@ def createUser(webform):
    if error:
        return error

+    # forbid system users
+    if username in FORBIDDEN_USERNAMES:
+        return "Error: Username {} is forbidden because it is a special user.".format(username)
+
    subprocess.run(["/usr/bin/sudo", "./scripts/create_user.sh", cryptPass, username])

    # track added users to prevent deletion of other users and listing #