From 6adfac8bfcf1290a4057072190a68d7e8d513491 Mon Sep 17 00:00:00 2001 From: Andrew Walker Date: Wed, 3 Jul 2024 05:19:04 -0700 Subject: [PATCH] Prevent deletion of immutable users Currently the only situation where an immutable user is not also a builtin user is the root-alternative account (admin). It's a POLA violation to allow deletion of immutable account. --- src/middlewared/middlewared/plugins/account.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/middlewared/middlewared/plugins/account.py b/src/middlewared/middlewared/plugins/account.py index aa64fc6fe93b5..fb98257e2341b 100644 --- a/src/middlewared/middlewared/plugins/account.py +++ b/src/middlewared/middlewared/plugins/account.py @@ -927,6 +927,9 @@ def do_delete(self, audit_callback, pk, options): if user['builtin']: raise CallError('Cannot delete a built-in user', errno.EINVAL) + if user['immutable']: + raise CallError('Cannot delete an immutable user', errno.EINVAL) + self.middleware.call_sync('privilege.before_user_delete', user) if options['delete_group'] and not user['group']['bsdgrp_builtin']: