system: allow shell selection for user, prepped a long time ago #2154

2026-03-13 16:14:40 +00:00 · 2018-02-04 19:24:47 +00:00 · 2018-02-04 19:24:47 +00:00 · c8bdf3e92f
commit c8bdf3e92f
parent e09dc8c91a
2 changed files with 39 additions and 2 deletions
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@ -356,6 +356,24 @@ function userHasPrivilege($userent, $privid = false)
    return true;
 }

+function auth_get_shells()
+{
+    $shells = array('' => '/sbin/nologin');
+
+    $etc_shells = @file_get_contents('/etc/shells');
+    if (!empty($etc_shells)) {
+        $etc_shells = explode("\n", $etc_shells);
+        foreach ($etc_shells as $shell) {
+            $shell = trim($shell);
+            if (!empty($shell) && strpos($shell, '#') !== 0) {
+                $shells[$shell] = $shell;
+            }
+        }
+    }
+
+    return $shells;
+}
+
 function local_sync_accounts()
 {
    global $config;
@ -426,7 +444,7 @@ function local_user_set(&$user, $force_password = false)
    $user_name = $user['name'];
    $user_pass = $user['password'];
    $user_home = "/home/{$user_name}";
-    $user_shell = '/sbin/nologin';
+    $user_shell = isset($user['shell']) ? $user['shell'] : '/sbin/nologin';
    $user_group = 'nobody';
    $lock_account = 'lock';

@ -439,6 +457,7 @@ function local_user_set(&$user, $force_password = false)

    /* configure shell type */
    if (userHasPrivilege($user, 'user-shell-access')) {
+        /* XXX override the shell for this privilege so we can zap it in 18.7 */
        $user_shell = '/bin/csh';
    }

--- a/src/www/system_usermanager.php
+++ b/src/www/system_usermanager.php
@ -120,7 +120,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        exit;
    } elseif ($act == 'new' || $act == 'edit') {
        // edit user, load or init data
-        $fieldnames = array('user_dn', 'descr', 'expires', 'scope', 'uid', 'priv', 'ipsecpsk', 'lifetime', 'otp_seed', 'email', 'comment');
+        $fieldnames = array('user_dn', 'descr', 'expires', 'scope', 'uid', 'priv', 'ipsecpsk', 'lifetime', 'otp_seed', 'email', 'shell', 'comment');
        if (isset($id)) {
            if (isset($a_user[$id]['authorizedkeys'])) {
                $pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
@ -354,6 +354,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
                unset($userent['comment']);
            }

+            if (!empty($pconfig['shell'])) {
+                $userent['shell'] = $pconfig['shell'];
+            } elseif (isset($userent['shell'])) {
+                unset($userent['shell']);
+            }
+
            if (isset($id)) {
                $a_user[$id] = $userent;
            } else {
@ -635,6 +641,18 @@ $( document ).ready(function() {
                      <?= $pconfig['language'] ?>
                    </td>
                  </tr>
+                  <tr>
+                    <td><i class="fa fa-info-circle text-muted"></i> <?= gettext('Login shell') ?></td>
+                    <td>
+                      <select name="shell" class="selectpicker" data-style="btn-default">
+<?php
+                      foreach (auth_get_shells() as $shell_key => $shell_value) :?>
+                        <option value="<?= html_safe($shell_key) ?>" <?= $pconfig['shell'] == $shell_key ? 'selected="selected"' : '' ?>><?= $shell_value ?></option>
+<?php
+                      endforeach;?>
+                      </select>
+                    </td>
+                  </tr>
                  <tr>
                    <td><a id="help_for_expires" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Expiration date"); ?></td>
                    <td>