Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#33677 - [filesystem] /usr/bin/bash not listed as an allowed user shell in /etc/shells

Attached to Project: Arch Linux
Opened by Vladimir Vrzić (random) - Saturday, 02 February 2013, 16:53 GMT
Last edited by Sven-Hendrik Haase (Svenstaro) - Thursday, 14 October 2021, 21:59 GMT
Task Type Bug Report
Category Packages: Core
Status Assigned   Reopened
Assigned To Sébastien Luttringer (seblu)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 3
Private No



bash is by default installed as /usr/bin/bash, with a symlink in /bin, but /usr/bin/bash is not listed as a valid user shell in /etc/shells by default.

Since /usr/bin is before /bin in the default PATH, if one adds a user with a command like

# useradd [...] -s $(which bash) myuser

this user will be unable to login from system console (or via any PAM path that uses

Additional info:

/etc/shells from filesystem 2013.01-3

Steps to reproduce:

Create a new user with a shell of /usr/bin/bash:

useradd -m -g users -s /usr/bin/bash testuser


useradd -m -g users -s $(which bash) testuser

and try to login on tty1.
This task depends upon

Comment by Vladimir Vrzić (random) - Saturday, 02 February 2013, 20:13 GMT
The other side of the story is that ssh logins are not affected -- sshd (and su, too) PAM config does _not_ check if the user's shell is listed. From the security standpoint, this could be an issue.
Comment by Gaetan Bisson (vesath) - Sunday, 03 February 2013, 08:15 GMT
The default login shell defined in /etc/default/useradd is in /etc/shells but you should assume nothing more: if you run useradd with custom arguments, it is up to you to ensure they are valid by customizing our minimalistic /etc/shells and possibly other configuration files.
Comment by Vladimir Vrzić (random) - Sunday, 03 February 2013, 11:54 GMT
Gaetan, would you care to explain to me, as someone new to Arch, the rationale behind these defaults?

Concretely, why is bash installed as /usr/bin/bash and then symlinked from /bin, while zsh exists only as /bin/zsh?

Second, why is some of the default /etc/pam.d/* configuration structured, but most is not? For example, what's the purpose of a config file named /etc/pam.d/system-remote-login in the base install? sshd config does not include it -- actually, no PAM config file in the base includes it.
Comment by Gaetan Bisson (vesath) - Sunday, 03 February 2013, 12:13 GMT
Sorry but this bug tracker is not the place for general questions such as these. Please seek help:
- in the forums:
- or on IRC:
Comment by Steve Ward (planet36) - Thursday, 14 October 2021, 21:58 GMT
man 5 shells says
/etc/shells is a text file which contains the full pathnames of valid login shells.

If "full pathname" means the resolved absolute path, then /usr/bin/bash should be in /etc/shells.
Comment by Sébastien Luttringer (seblu) - Monday, 06 December 2021, 23:00 GMT
Sure, but what make you think « full » means « resolved »? Full generally means absolute path as opposed to relative.
Comment by Steve Ward (planet36) - Tuesday, 07 December 2021, 13:48 GMT
That's a good point. I presumed if they meant absolute path, they would've written "absolute" instead of "full".

I couldn't find a definition for "full pathname", but from reading the man page for bash, it seems like "full pathname" is synonymous with "absolute pathname".
Comment by Steve Ward (planet36) - Wednesday, 08 December 2021, 13:30 GMT
Regardless of "full" vs "absolute" vs "resolved", these facts remain:
1) /bin is not in the default $PATH of the current official Arch ISO image (2021.12.01)
2) /usr/bin/bash is _the_ default full pathname of bash in Arch. [0]