lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-13 16:14:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

system: try not to taint the root shell

Browse Source 
If someone strips root of the admin privilege don't try
to pry away the root shell as well.  None of this really
works well in practice.
This commit is contained in:
Franco Fichtner 2023-11-29 12:26:42 +01:00
parent a0581ae0f6
commit 829ae3dd9a
1 changed files with 3 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/etc/inc/auth.inc
View File

@ -349,16 +349,10 @@ function local_user_set(&$user, $force_password = false, $userattrs = null)
$user_group = 'wheel';
$user_home = '/root';
} else {
$user_shell = isset($user['shell']) ? $user['shell'] : '/usr/sbin/nologin';
$is_admin = userIsAdmin($user['name']);
$user_shell = $is_admin && isset($user['shell']) ? $user['shell'] : '/usr/sbin/nologin';
$user_group = $is_admin ? 'wheel' : 'nobody';
$user_home = "/home/{$user_name}";
$user_group = 'nobody';
}
/* admins access gives wheely rights */
if (userIsAdmin($user['name'])) {
$user_group = 'wheel';
} else {
$user_shell = '/usr/sbin/nologin';
}
// XXX: primary group id can only be wheel or nobody, otherwise we should map the correct numbers for comparison