lxc-ubuntu template sets user shell, without checking it's installed
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lxc (Ubuntu) |
Fix Released
|
High
|
Serge Hallyn |
Bug Description
If you use a shell other than bash (or rather, something not installed by default on Ubuntu), then setuplxc will eventually get jammed when it tries to ssh in to the container:
mbp@lptests's password:
Permission denied (publickey,
Warning: Permanently added 'lptests,
mbp@lptests's password:
the reason can be seen in the guest's auth.log:
Feb 20 07:07:12 localhost sshd[459]: User mbp not allowed because shell /usr/bin/zsh does not exist
Feb 20 07:07:12 localhost sshd[459]: Failed none for invalid user mbp from 10.0.3.1 port 45609 ssh2
probably it's simplest for setuplxc to just reset the shell to bash after creating the user, or perhaps it can install whichever shell the user prefers.
Changed in lxc (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → High |
assignee: | nobody → Serge Hallyn (serge-hallyn) |
Changed in launchpad: | |
assignee: | Martin Pool (mbp) → nobody |
no longer affects: | launchpad |
Digging in to this a bit, I think the bug can be said to be in the lxc templates, where lxc-ubuntu has
do_bindhome()
{
rootfs=$1
user=$2
# copy /etc/passwd, /etc/shadow, and /etc/group entries into container
pwd=`getent passwd $user`
if [ $? -ne 0 ]; then
echo 'Warning: failed to copy password entry for $user'
return
else
echo $pwd >> $rootfs/etc/passwd
fi
shad=`getent shadow $user`
echo $shad >> $rootfs/etc/shadow
# bind-mount the user's path into the container's /home
h=`getent passwd $user | cut -d: -f 6`
mkdir -p $rootfs/$h
echo "$h $rootfs/$h none bind 0 0" >> $path/fstab
}
so that copies the pwent, including the shell, with no consideration whether it will exist....