User "Login shell" changed after upgrade from 23.1.11_1 to 23.7.1

Started by swed_net, August 14, 2023, 08:16:24 PM

I have a user (non-root) that had login shell "/usr/local/bin/bash", after upgrade from 23.1.11_1 to 23.7.1 it was set to "/sbin/nologin".
Is this by design or did something go wrong?

May be bash related, I checked on a FW with multiple users - admins but they only log in through https except for me - and they're still set for csh


I did the following:

1. Tried to log in with shell: /usr/local/bin/bash
Got the following error message when I tried to log in with SSH: this account is currently not available

2. Changed user login shell in the gui to /bin/sh
Successfully logged in via SSH and manually started /usr/local/bin/bash
Got the correct bash prompt.

3. Again changed the users login shell to /usr/local/bin/bash in the gui.
Tried to log in again and successfully logged in with SSH to the bash shell. Solved.

Could the manual launch of /usr/local/bin/bash in step 2 trigger it to come alive?


> Could the manual launch of /usr/local/bin/bash in step 2 trigger it to come alive?

Unlikely. And I don't have enough to reproduce.


Cheers,
Franco

I had the same issue. After a power outage WebUI didn't come up and couldn't SSH with my non-root user. Had to reboot OPNsense to get WebUI back, then restore login shell.

You mention bash, which I recall may have been added by a plugin in 23.1? I think I had the same configuration.

I don't think removal is intended but it can happen when users don't make sure to manually install the bash package. If you try e.g. WireGuard it only then installs bash which you happen to use but if you remove it the bash will disappear as well.

We are not fans of Bash given the portability issues and complexity involved (POSIX shell is enough for what you need from a shell script really). And also for WireGuard core inclusion we managed to remove the bash dependency. That would be on 23.7.3 if you happen to use os-wireguard plugin...


Cheers,
Franco

Could a check be added to update that if a shell was configured before the update, that at least /bin/sh is configured afterwards?

Assuming bash is not there and you open the user page the selection defaults to /sbin/nologin for safety, but nothing happens unless you save this bad state. I don't see a spot where it force-changes the shell. And also pw-usermod accepts a non-existing shell which points to saving the wrong one too.

To be frank I don't want magic glue to revert to a functional shell because for administrative reasons the non-standard (non-core) shell is not found.


Cheers,
Franco
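
A check an administrator could run before and after an upgrade to catch the state discussed in this thread, where an account's configured login shell no longer exists on disk. This is an added example in POSIX sh, not code from the thread or from OPNsense; the function names `audit_shells` and `demo` and the sample accounts are constructed for illustration.

```sh
#!/bin/sh
# Added example, not OPNsense code.
# audit_shells PASSWD_FILE [ROOT]
# Prints "user<TAB>uid<TAB>shell" for each account whose login shell is
# missing or not executable under ROOT (default: the live system).
audit_shells() {
    passwd_file=$1
    root=${2:-}
    while IFS=: read -r name _pw uid _gid _gecos _home shell || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        # passwd(5): an empty shell field means /bin/sh
        [ -n "$shell" ] || shell=/bin/sh
        # nologin is a deliberate lockout, not a broken shell
        case $shell in */nologin) continue ;; esac
        if [ ! -f "$root$shell" ] || [ ! -x "$root$shell" ]; then
            printf '%s\t%s\t%s\n' "$name" "$uid" "$shell"
        fi
    done < "$passwd_file"
}

# Constructed sample: a throwaway tree where /bin/sh exists and bash was removed.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/bin" "$tmp/etc"
    printf '#!/bin/sh\n' > "$tmp/bin/sh"
    chmod 755 "$tmp/bin/sh"
    cat > "$tmp/etc/passwd" <<'EOF'
# constructed sample accounts
root:*:0:0:Charlie &:/root:/bin/sh
alice:*:2000:2000:Alice:/home/alice:/usr/local/bin/bash
bob:*:2001:2001:Bob:/home/bob:/sbin/nologin
carol:*:2002:2002:Carol:/home/carol:
EOF
    audit_shells "$tmp/etc/passwd" "$tmp"
    rm -rf "$tmp"
}

demo
```

On a live system, `audit_shells /etc/passwd` lists the accounts that would be refused at SSH login because their shell binary is gone.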