From 43cf2fcceaa8a421624819ca89c2f5715453b074 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Fri, 17 Jan 2025 09:47:27 +0100
Subject: [PATCH] system: root shell is implicit #8221

---
 src/opnsense/scripts/auth/sync_user.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/opnsense/scripts/auth/sync_user.php b/src/opnsense/scripts/auth/sync_user.php
index d5f60374a..bc8e10fe7 100755
--- a/src/opnsense/scripts/auth/sync_user.php
+++ b/src/opnsense/scripts/auth/sync_user.php
@@ -61,7 +61,7 @@ if (isset($opts['h']) || empty($opts['u'])) {
     $update_user = null;
     $userdb = [];
     foreach ($a_user as $userent) {
-        if (!empty($userent['shell'])) {
+        if (!empty($userent['shell']) && $userent['uid'] != 0) {
             /* only users with a shell account are allowed to have a local entry */
             $userdb[] = $userent['name'];
         }
@@ -76,6 +76,7 @@ if (isset($opts['h']) || empty($opts['u'])) {
             mwexecf('/usr/sbin/pw userdel -n %s', [$item[0]]);
         }
     }
+
     /* add or update when found */
     if ($update_user) {
         /* without a shell configured, local_user_set() will just return */