Text only | Text with Images

OPNsense Forum

Archive => 23.7 Legacy Series => Topic started by: swed_net on August 14, 2023, 08:16:24 PM

Title: User "Login shell" changed after upgrade from 23.1.11_1 to 23.7.1
Post by: swed_net on August 14, 2023, 08:16:24 PM
I have a user (non-root) that had login shell "/usr/local/bin/bash", after upgrade from 23.1.11_1 to 23.7.1 it was set to "/sbin/nologin".
Is this by design or did something went wrong ?
Title: Re: User "Login shell" changed after upgrade from 23.1.11_1 to 23.7.1
Post by: newsense on August 14, 2023, 09:24:35 PM
May be bash related, I checked on a FW with multiple users - admins but they only log in through https except for me - and they're still set for csh
Title: Re: User "Login shell" changed after upgrade from 23.1.11_1 to 23.7.1
Post by: franco on August 15, 2023, 12:15:23 PM
Bash no longer installed perhaps?


Cheers,
Franco
Title: Re: User "Login shell" changed after upgrade from 23.1.11_1 to 23.7.1
Post by: swed_net on August 15, 2023, 03:09:01 PM
I did the following:

1. Tried to login with shell:  /usr/local/bin/bash
Got following error message when tried to login with SSH: this account is currently not available

2. Changed user login shell in the gui to /bin/sh
Successfully logged in via SSH and manually started /usr/local/bin/bash
Got the correct bash prompt.

3. Again changed the users login shell to /usr/local/bin/bash in the gui.
Tried to login again and successfully logged in with SSH to the bash shell. Solved.

Could the manual launch of /usr/local/bin/bash in step 2 trigger it to come alive ?

Title: Re: User "Login shell" changed after upgrade from 23.1.11_1 to 23.7.1
Post by: franco on August 15, 2023, 08:39:00 PM
> Could the manual launch of /usr/local/bin/bash in step 2 trigger it to come alive ?

Unlikely. And I don't have enough to reproduce.


Cheers,
Franco
Title: Re: User "Login shell" changed after upgrade from 23.1.11_1 to 23.7.1
Post by: CanadaGuy on September 06, 2023, 05:02:59 PM
I had the same issue. After a power outage WebUI didn't come up and couldn't SSH with my non-root user. Had to reboot opnsense to get WebUI back, then restore login shell.

You mention bash, which I recall may have been added by a plugin in 23.1? I think I had the same configuration.
Title: Re: User "Login shell" changed after upgrade from 23.1.11_1 to 23.7.1
Post by: franco on September 06, 2023, 09:28:20 PM
I don't think removal is intended but it can happen when users don't make sure to manually install the bash package. If you try e.g. WireGuard it only then installs bash which you happen to use but if you remove it the bash will disappear as well.

We are not fans of Bash given the portability issues and complexity involved (POSIX shell is enough for what you need from a shell script really). And also for WireGuard core inclusion we managed to remove the bash dependency. That would be on 23.7.3 if you happen to use os-wireguard plugin...


Cheers,
Franco
Title: Re: User "Login shell" changed after upgrade from 23.1.11_1 to 23.7.1
Post by: CanadaGuy on September 07, 2023, 02:14:42 PM
Could a check be added to update that if a shell was configured before the update, that at least /bin/sh is configured afterwards?
Title: Re: User "Login shell" changed after upgrade from 23.1.11_1 to 23.7.1
Post by: franco on September 07, 2023, 02:25:35 PM
Assuming bash is not there and you open the user page the selection defaults to /sbin/nologin for safety, but nothing happens unless you save this bad state. I don't see a spot where it force-changes the shell. And also pw-usermod accepts a non-existing shell which points to saving the wrong one too.

To be frank I don't want magic glue to revert to a functional shell because for administrative reasons the non-standard (non-core) shell is not found.


Cheers,
Franco
Text only | Text with Images