From: Lennart Poettering Date: Wed, 7 Feb 2018 17:11:18 +0000 (+0100) Subject: user-util: also consider /bin/false and /bin/true as non-shell X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=7db510fe3be07ec1c3d7ba4728f57418a0f85278;p=elogind.git user-util: also consider /bin/false and /bin/true as non-shell --- diff --git a/src/basic/user-util.c b/src/basic/user-util.c index defc30ba9..3cde7a0f2 100644 --- a/src/basic/user-util.c +++ b/src/basic/user-util.c @@ -199,6 +199,25 @@ int get_user_creds( return 0; } +static inline bool is_nologin_shell(const char *shell) { + + return PATH_IN_SET(shell, + /* 'nologin' is the friendliest way to disable logins for a user account. It prints a nice + * message and exits. Different distributions place the binary at different places though, + * hence let's list them all. */ + "/bin/nologin", + "/sbin/nologin", + "/usr/bin/nologin", + "/usr/sbin/nologin", + /* 'true' and 'false' work too for the same purpose, but are less friendly as they don't do + * any message printing. Different distributions place the binary at various places but at + * least not in the 'sbin' directory. */ + "/bin/false", + "/usr/bin/false", + "/bin/true", + "/usr/bin/true"); +} + #if 0 /// UNNEEDED by elogind int get_user_creds_clean( const char **username, @@ -215,11 +234,7 @@ int get_user_creds_clean( return r; if (shell && - (isempty(*shell) || PATH_IN_SET(*shell, - "/bin/nologin", - "/sbin/nologin", - "/usr/bin/nologin", - "/usr/sbin/nologin"))) + (isempty(*shell) || is_nologin_shell(*shell))) *shell = NULL; if (home &&