authorLennart Poettering <lennart@poettering.net>2018-02-07 18:11:18 +0100
committerLennart Poettering <lennart@poettering.net>2018-02-12 11:34:00 +0100
commit7cb609115c532c3591d43a604d67d72e508ba5d9 (patch)
tree9ae525a7577060171a19ea63f6faa406dd77906a /src/basic/user-util.c
parentcore: update dbus policy file (diff)
user-util: also consider /bin/false and /bin/true as non-shell
Diffstat (limited to 'src/basic/user-util.c')
-rw-r--r--src/basic/user-util.c25
1 files changed, 20 insertions, 5 deletions
diff --git a/src/basic/user-util.c b/src/basic/user-util.c
index db18ee31c0..ceb71b61e8 100644
--- a/src/basic/user-util.c
+++ b/src/basic/user-util.c
@@ -197,6 +197,25 @@ int get_user_creds(
return 0;
}
+static inline bool is_nologin_shell(const char *shell) {
+
+ return PATH_IN_SET(shell,
+ /* 'nologin' is the friendliest way to disable logins for a user account. It prints a nice
+ * message and exits. Different distributions place the binary at different places though,
+ * hence let's list them all. */
+ "/bin/nologin",
+ "/sbin/nologin",
+ "/usr/bin/nologin",
+ "/usr/sbin/nologin",
+ /* 'true' and 'false' work too for the same purpose, but are less friendly as they don't do
+ * any message printing. Different distributions place the binary at various places but at
+ * least not in the 'sbin' directory. */
+ "/bin/false",
+ "/usr/bin/false",
+ "/bin/true",
+ "/usr/bin/true");
+}
+
int get_user_creds_clean(
const char **username,
uid_t *uid, gid_t *gid,
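Review bot: is_nologin_shell() carries no comment stating its contract, and two parts of that contract are easy to miss. It matches against eight literal paths, so a nologin binary installed elsewhere, or presumably one reached through a symlink, is still reported as a real shell; a false result does not mean the account permits login. It also hands `shell` straight to PATH_IN_SET, and whether that macro tolerates NULL is not visible in this hunk; the one caller in this commit happens to test `isempty(*shell)` first. I would add above the function: `/* Best-effort match against well-known paths only; shell must be non-NULL. A false result does not imply login is permitted. */`.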
@@ -212,11 +231,7 @@ int get_user_creds_clean(
return r;
if (shell &&
- (isempty(*shell) || PATH_IN_SET(*shell,
- "/bin/nologin",
- "/sbin/nologin",
- "/usr/bin/nologin",
- "/usr/sbin/nologin")))
+ (isempty(*shell) || is_nologin_shell(*shell)))
*shell = NULL;
if (home &&
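Review bot: With the wider list, `*shell = NULL` now also fires for /bin/true and /bin/false, so a caller gets the same NULL for an empty shell field as for an account whose login was deliberately disabled. If any caller substitutes a default shell on NULL (none are visible in this hunk), such an account would end up with a usable shell. A comment at the assignment would pin the intent, e.g. `/* NULL means "no usable shell"; callers must not fall back to a default login shell */`. get_user_creds_clean() starts above and continues below this hunk, so the handling of `home` and the callers could not be checked here.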