enh: accountInfo: add osh-only information for accounts

ovh · Dec 17, 2024 · 8729f97 · 8729f97
1 parent b4c7a04
commit 8729f97
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/bin/plugin/restricted/accountInfo b/bin/plugin/restricted/accountInfo
@@ -353,6 +353,11 @@ foreach my $accHash (@accounts) {
         $ret{'max_inactive_days'} =
           OVH::Bastion::account_config(account => $account, %{OVH::Bastion::OPT_ACCOUNT_MAX_INACTIVE_DAYS()})->value;
 
+        $ret{'osh_only'} = !!OVH::Bastion::account_config(
+            account => $account,
+            key     => OVH::Bastion::OPT_ACCOUNT_OSH_ONLY
+        ) + 0;
+
         if ($withPasswordInfo) {
             my @command = qw{ sudo -n -u root -- /usr/bin/env perl -T };
             push @command, $OVH::Bastion::BASEPATH . '/bin/helper/osh-accountGetPasswordInfo';
@@ -525,6 +530,11 @@ sub print_account_info {
         }
     }
 
+    if (defined $ret{'osh_only'}) {
+        osh_info "\nThis account can only run commands (\"osh-only\"): "
+          . ($ret{'osh_only'} ? colored('yes', 'red') : colored('no', 'blue'));
+    }
+
     if (exists $ret{'ingress_piv_policy'} && exists $ret{'ingress_piv_grace'}) {
         osh_info "\nAccount PIV-only policy status:";
         my $ingress_piv_policy_print = $ret{'ingress_piv_policy'} || 'default';