Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 910758 - sys-apps/baselayout - include both /bin/bash and /usr/bin/bash in /etc/shells
Summary: sys-apps/baselayout - include both /bin/bash and /usr/bin/bash in /etc/shells
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal with 1 vote (vote)
Assignee: Gentoo's Team for Core System packages
Depends on:
Blocks: usrmerge, usrmerge-fixes
  Show dependency tree
Reported: 2023-07-24 01:35 UTC by Rahil Bhimjiani
Modified: 2024-05-07 12:36 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Rahil Bhimjiani 2023-07-24 01:35:04 UTC
### Steps to reproduce:
1. Add USE "homed" to make.conf
2. Reemerge world set
3. Start systemd-homed.service & create brand new user with homectl
4. Try to login via tty/console
5. Pull your hair trying to figure out why wouldn't it work. Followed by enough research on pam that qualifies you for PhD on that. :-)

### Troubleshooting:
After 2 days of mind-boggling, unable to login & feeling like digital handicap, I finally pin pointed problem to following line in /etc/pam.d/system-login which was not letting me pass.

`auth		required`

Weird. Bash is already listed in /etc/shells. But its /bin/bash which is symlink to /usr/bin/bash (on my systemd-merged-usr profile). So the problem is systemd-homed doesn't allow to login from symlinked shells.

### Proper fix
Upto distro to decide. Option 1 and/or 2.
1. Request upstream systemd to allow login from symlinked shells. Unlikely to happen as they might reason with hardening measure for security.
2. Update sys-apps/baselayout and include all shells with /usr/ prefix (i.e. /usr/bin/bash)

### Quick workaround:
Add /usr/bin/bash to /etc/shells
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-07-24 01:38:34 UTC
Comment 2 Rahil Bhimjiani 2023-07-24 02:14:43 UTC
Is causing factor pam_shells or pam_systemd_home? 

If pam_shells then why shadow-users are allowed with /bin/bash and systemd-homed users arent?

So my noob guess is pam_shells is letting through homed-users but pam_systemd_home is probably also checking /etc/shells.
Comment 3 Rahil Bhimjiani 2023-07-24 09:38:36 UTC
Okay. Further troubleshooting. 

So culprit was, I was creating user with `homectl create username --shell=/usr/bin/bash` which is also technically correct and should allow to login. 

For normal shadow users `useradd --shell /usr/bin/bash testuser` will also prevent user from login. 

Final verdict: 
- Nothing to do with systemd 
- pam_shells doesn't consider /bin/bash & /usr/bin/bash as same
- /etc/shells from sys-apps/baselayout should include both variants (/bin/bash & /usr/bin/bash) to avoid such rare bugs. Debian & Fedora are also using both variants.
Comment 4 Rahil Bhimjiani 2023-09-20 08:36:13 UTC
Any update on this?
Comment 5 Mike Gilbert gentoo-dev 2023-09-24 22:10:27 UTC
I don't see anything to "fix" here. pam_shells is operating as intended, and users should use "/bin/bash" instead of "/usr/bin/bash".

If you insist on using /usr/bin/bash, you can always edit /etc/shells manually.
Comment 6 Mike Gilbert gentoo-dev 2024-02-21 16:05:14 UTC
I suppose listing /bin/bash and /usr/bin/bash in /etc/shells would not be harmful, so we can revisit this.