Arch Linux


FS#33677 - [filesystem] /usr/bin/bash not listed as an allowed user shell in /etc/shells

Attached to Project: Arch Linux
Opened by Vladimir Vrzić (random) - Saturday, 02 February 2013, 16:53 GMT
Last edited by Gaetan Bisson (vesath) - Sunday, 03 February 2013, 12:14 GMT
Task Type: Bug Report
Category: Packages: Core
Status: Closed
Assigned To: Tom Gundersen (tomegun)
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 1
Private: No

Details

Description:

bash is by default installed as /usr/bin/bash, with a symlink in /bin, but /usr/bin/bash is not listed as a valid user shell in /etc/shells by default.

Since /usr/bin is before /bin in the default PATH, if one adds a user with a command like

# useradd [...] -s $(which bash) myuser

this user will be unable to log in from the system console (or via any PAM path that uses pam_shells.so).


Additional info:

/etc/shells from filesystem 2013.01-3


Steps to reproduce:

Create a new user with a shell of /usr/bin/bash:

useradd -m -g users -s /usr/bin/bash testuser

or

useradd -m -g users -s $(which bash) testuser

and try to log in on tty1.

Closed by Gaetan Bisson (vesath)
Sunday, 03 February 2013, 12:14 GMT
Reason for closing: Not a bug
Comment by Vladimir Vrzić (random) - Saturday, 02 February 2013, 20:13 GMT
The other side of the story is that ssh logins are not affected -- sshd (and su, too) PAM config does _not_ check if the user's shell is listed. From the security standpoint, this could be an issue.
Comment by Gaetan Bisson (vesath) - Sunday, 03 February 2013, 08:15 GMT
The default login shell defined in /etc/default/useradd is in /etc/shells but you should assume nothing more: if you run useradd with custom arguments, it is up to you to ensure they are valid by customizing our minimalistic /etc/shells and possibly other configuration files.
Comment by Vladimir Vrzić (random) - Sunday, 03 February 2013, 11:54 GMT
Gaetan, would you care to explain to me, as someone new to Arch, the rationale behind these defaults?

Concretely, why is bash installed as /usr/bin/bash and then symlinked from /bin, while zsh exists only as /bin/zsh?

Second, why is some of the default /etc/pam.d/* configuration structured, but most is not? For example, what's the purpose of a config file named /etc/pam.d/system-remote-login in the base install? sshd config does not include it -- actually, no PAM config file in the base includes it.
Comment by Gaetan Bisson (vesath) - Sunday, 03 February 2013, 12:13 GMT
Sorry but this bug tracker is not the place for general questions such as these. Please seek help:
- in the forums: https://bbs.archlinux.org/
- or on IRC: https://wiki.archlinux.org/index.php/IRC_Channel
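
The two questions this report raises (which accounts have a shell that is missing from /etc/shells, and which PAM services actually run pam_shells), as an added example that is not part of the original report or of any Arch package. The function names are assumptions made for this sketch, and file locations are parameters so it can be run on copies of the configuration.

```shell
#!/bin/sh
# Added example (not from the bug report). File locations are parameters so the
# audit can run on copies; the defaults are the live system files.

# Print "user:shell" for accounts whose shell is not listed verbatim in the
# shells file. Symlinks are not resolved: /usr/bin/bash != /bin/bash here.
unlisted_shell_users() {
    awk -F: -v shells="${2:-/etc/shells}" '
        BEGIN {
            while ((getline line < shells) > 0) {
                sub(/#.*/, "", line); gsub(/^[ \t]+|[ \t]+$/, "", line)
                if (line != "") ok[line] = 1
            }
        }
        /^#/ || NF < 7 { next }
        {
            shell = ($7 == "") ? "/bin/sh" : $7   # passwd(5) default
            if (!(shell in ok)) print $1 ":" shell
        }
    ' "${1:-/etc/passwd}"
}

# Succeed if PAM service $1 (directory $2) has an active pam_shells.so line,
# directly or through include/substack/@include. Depth-limited against loops.
service_checks_shells() (
    dir=${2:-/etc/pam.d}; file=$dir/$1; depth=${3:-0}
    [ -r "$file" ] && [ "$depth" -lt 8 ] || return 1
    grep -Eq '^[^#]*pam_shells\.so' "$file" && return 0
    for inc in $(awk '!/^[ \t]*#/ {
            if ($1 == "@include") print $2
            else if ($2 == "include" || $2 == "substack") print $3
        }' "$file"); do
        service_checks_shells "$inc" "$dir" $((depth + 1)) && return 0
    done
    return 1
)

# Report both views of the live configuration.
report() {
    echo "Accounts whose shell is not in /etc/shells:"
    unlisted_shell_users | sed 's/^/  /'
    echo "PAM services that do NOT run pam_shells:"
    for f in /etc/pam.d/*; do
        [ -f "$f" ] || continue
        service_checks_shells "${f##*/}" || echo "  ${f##*/}"
    done
}
report
```

Accounts with a non-interactive shell are listed too whenever that shell is absent from the shells file, so read the first list together with the second.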
