do not overwrite files with local users/groups when restoring authconfig

the patch fixes regression in ipa-restore caused by overwriting /etc/passwd,
/etc/shadow and fiends during restore of authconfig configuration files. These
files are now excluded from authconfig backup dir.

https://fedorahosted.org/freeipa/ticket/5328

Reviewed-By: David Kupka <dkupka@redhat.com>

1 files changed, 12 insertions, 0 deletions

diff --git a/ipaplatform/redhat/authconfig.py b/ipaplatform/redhat/authconfig.py
index edefee8b2..7b06d583d 100644
--- a/ipaplatform/redhat/authconfig.py
+++ b/ipaplatform/redhat/authconfig.py
@@ -19,7 +19,9 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 from ipapython import ipautil
+import os
 
+FILES_TO_NOT_BACKUP = ['passwd', 'group', 'shadow', 'gshadow']
 
 class RedHatAuthConfig(object):
     """
@@ -88,5 +90,15 @@ class RedHatAuthConfig(object):
     def backup(self, path):
         ipautil.run(["/usr/sbin/authconfig", "--savebackup", path])
 
+        # do not backup these files since we don't want to mess with
+        # users/groups during restore. Authconfig doesn't seem to mind about
+        # having them deleted from backup dir
+        files_to_remove = [os.path.join(path, f) for f in FILES_TO_NOT_BACKUP]
+        for filename in files_to_remove:
+            try:
+                os.remove(filename)
+            except OSError:
+                pass
+
     def restore(self, path):
         ipautil.run(["/usr/sbin/authconfig", "--restorebackup", path])