From 97007b9e3ddf93ed495d41bf18f90f51183d772b Mon Sep 17 00:00:00 2001
From: Achilleas Koutsou <achilleas@koutsou.net>
Date: Tue, 26 Nov 2024 12:21:49 +0100
Subject: [PATCH] stages: run useradd, usermod, and passwd with --root

The useradd, usermod, and passwd commands support a `--root` option that
handles chroot-ing for the command.  In general, we prefer using this
option for commands that provide it and relying on the utility itself to
know how to set up the chroot in the way it needs.

The option has been available for these commands since 2011 [1] and it's
unclear why they weren't used originally.

The `mkhomedir_helper` command is still run using our Chroot context, so
the fix introduced in 9071cd0abbf8db059aa34e6cc21612da244e0684 is
unaffected.

[1] https://github.com/shadow-maint/shadow/blob/365279ea95a6c76021e2100e51e71b1991fea32b/ChangeLog#L1339
---
 stages/org.osbuild.users | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/stages/org.osbuild.users b/stages/org.osbuild.users
index 40392eeb..255d9280 100755
--- a/stages/org.osbuild.users
+++ b/stages/org.osbuild.users
@@ -1,5 +1,6 @@
 #!/usr/bin/python3
 import os
+import subprocess
 import sys
 
 import osbuild.api
@@ -48,8 +49,7 @@ def useradd(
     if expiredate is not None:
         arguments += ["--expiredate", str(expiredate)]
 
-    with Chroot(root) as chroot:
-        chroot.run(["useradd", *arguments, name], check=True)
+    subprocess.run(["useradd", "--root", root, *arguments, name], check=True)
 
 
 def usermod(root, name, gid=None, groups=None, description=None, home=None, shell=None, password=None, expiredate=None):
@@ -70,8 +70,7 @@ def usermod(root, name, gid=None, groups=None, description=None, home=None, shel
         arguments += ["--expiredate", str(expiredate)]
 
     if arguments:
-        with Chroot(root) as chroot:
-            chroot.run(["usermod", *arguments, name], check=True)
+        subprocess.run(["usermod", "--root", root, *arguments, name], check=True)
 
 
 def add_ssh_keys(root, user, keys):
@@ -130,8 +129,7 @@ def main(tree, options):
             useradd(tree, name, uid, gid, groups, description, home, shell, password, expiredate)
 
         if force_password_reset:
-            with Chroot(tree) as chroot:
-                chroot.run(["passwd", "--expire", name], check=True)
+            subprocess.run(["passwd", "--root", tree, "--expire", name], check=True)
 
         # following maintains backwards compatibility for handling a single ssh key
         key = user_options.get("key")   # Public SSH key