| Summary: | sys-apps/baselayout - include both /bin/bash and /usr/bin/bash in /etc/shells | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Rahil Bhimjiani <me> |
| Component: | Current packages | Assignee: | Gentoo's Team for Core System packages <base-system> |
| Status: | CONFIRMED --- | | |
| Severity: | normal | CC: | eschwartz, gentoo, kfm, me, sam, stffn.mobil |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://github.com/shadow-maint/shadow/issues/817 https://bugs.gentoo.org/show_bug.cgi?id=919749 https://bugs.gentoo.org/show_bug.cgi?id=937941 | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 690294 | | |

Description
Rahil Bhimjiani
2023-07-24 01:35:04 UTC
Huh. Is the causing factor pam_shells or pam_systemd_home? If pam_shells, then why are shadow-users allowed with /bin/bash and systemd-homed users aren't? So my noob guess is pam_shells is letting through homed-users but pam_systemd_home is probably also checking /etc/shells.

Okay. Further troubleshooting. So the culprit was that I was creating the user with `homectl create username --shell=/usr/bin/bash`, which is also technically correct and should allow logging in. For normal shadow users, `useradd --shell /usr/bin/bash testuser` will also prevent the user from logging in.

Final verdict:
- Nothing to do with systemd
- pam_shells doesn't consider /bin/bash & /usr/bin/bash as the same
- /etc/shells from sys-apps/baselayout should include both variants (/bin/bash & /usr/bin/bash) to avoid such rare bugs. Debian & Fedora are also using both variants.

Any update on this?

I don't see anything to "fix" here. pam_shells is operating as intended, and users should use "/bin/bash" instead of "/usr/bin/bash". If you insist on using /usr/bin/bash, you can always edit /etc/shells manually.

I suppose listing /bin/bash and /usr/bin/bash in /etc/shells would not be harmful, so we can revisit this.

After appending '/usr/bin/bash' to '/etc/shells' I'm not able to log in with my password the first time ('login incorrect'), but when I enter my username a second time and hit enter I log in instantly without my password. After a logout I can enter my username and password as expected and log in. This happens for both users with '--shell {/bin/bash,/usr/bin/bash}'
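
The mismatch discussed in this report, where pam_shells compares an account's shell string against /etc/shells verbatim, can be audited before it locks anyone out. The script below is an added example, not part of the bug report or of any Gentoo package: the function name `audit_shells`, its output format and the sample files are constructed for illustration, and it assumes a merged-usr layout in which /bin/X and /usr/bin/X are the same file.

```shell
#!/bin/sh
# Added example (not from the bug report). Lists accounts whose login shell
# is not spelled exactly like an entry in the shells file.
# Output columns (tab separated): user, shell, reason.
audit_shells() {
    # $1 = passwd-format file, $2 = shells file
    awk -F: -v OFS='\t' -v shells="$2" '
        FILENAME == shells {
            # Assumption: blank lines and "#" comments are not shell entries.
            if ($0 ~ /^[ \t]*#/ || $0 ~ /^[ \t]*$/) next
            listed[$0] = 1
            next
        }
        {
            shell = ($7 == "") ? "/bin/sh" : $7   # passwd(5): empty means /bin/sh
            if (shell in listed) next             # exact string match only
            # Assumption: merged-usr, so try the other spelling of the path.
            if (shell ~ /^\/usr\/s?bin\//)  alt = substr(shell, 5)
            else if (shell ~ /^\/s?bin\//)  alt = "/usr" shell
            else                            alt = ""
            reason = (alt in listed) ? ("listed-only-as:" alt) : "not-listed"
            print $1, shell, reason
        }
    ' "$2" "$1"
}

# Constructed sample data: a shells file that lists /bin/bash but not
# /usr/bin/bash, and three accounts (one created with --shell /usr/bin/bash).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/shells" <<'EOF'
# /etc/shells: valid login shells
/bin/bash
/bin/sh
EOF
cat > "$sample_dir/passwd" <<'EOF'
alice:x:1000:1000::/home/alice:/bin/bash
testuser:x:1001:1001::/home/testuser:/usr/bin/bash
daemon:x:2:2::/sbin:/sbin/nologin
EOF
audit_shells "$sample_dir/passwd" "$sample_dir/shells"
```

On a real system, run `audit_shells /etc/passwd /etc/shells`; a `listed-only-as:` row marks an account that will be rejected until either its shell field or /etc/shells is changed, while `not-listed` rows for nologin-style shells are expected.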