From 54b62df055fda613aa985ccd971968123c0ad113 Mon Sep 17 00:00:00 2001

From: Martin Babinsky <mbabinsk@redhat.com>

Date: Fri, 25 Sep 2015 18:00:30 +0200

Subject: [PATCH] do not overwrite files with local users/groups when restoring

 authconfig

the patch fixes regression in ipa-restore caused by overwriting /etc/passwd,

/etc/shadow and fiends during restore of authconfig configuration files. These

files are now excluded from authconfig backup dir.

https://fedorahosted.org/freeipa/ticket/5328

Reviewed-By: David Kupka <dkupka@redhat.com>

---

 ipaplatform/redhat/authconfig.py | 12 ++++++++++++

 1 file changed, 12 insertions(+)

diff --git a/ipaplatform/redhat/authconfig.py b/ipaplatform/redhat/authconfig.py

index edefee8b2b4922ad67cdbac158615ef32c776bb4..7b06d583d8f8dba3df589edf73ec20f7b80c20a4 100644

--- a/ipaplatform/redhat/authconfig.py

+++ b/ipaplatform/redhat/authconfig.py

@@ -19,7 +19,9 @@

 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 from ipapython import ipautil

+import os

+FILES_TO_NOT_BACKUP = ['passwd', 'group', 'shadow', 'gshadow']

 class RedHatAuthConfig(object):

     """

@@ -88,5 +90,15 @@ class RedHatAuthConfig(object):

     def backup(self, path):

         ipautil.run(["/usr/sbin/authconfig", "--savebackup", path])

+        # do not backup these files since we don't want to mess with

+        # users/groups during restore. Authconfig doesn't seem to mind about

+        # having them deleted from backup dir

+        files_to_remove = [os.path.join(path, f) for f in FILES_TO_NOT_BACKUP]

+        for filename in files_to_remove:

+            try:

+                os.remove(filename)

+            except OSError:

+                pass

+

     def restore(self, path):

         ipautil.run(["/usr/sbin/authconfig", "--restorebackup", path])

-- 

2.4.3