Hide Forgot
Description of problem: When we add a user via sssd to a system, and the user had no loginShell attribute in LDAP, the user is treated as system user and does not show up in the user list of GDM. Version-Release number of selected component (if applicable): accountsservice-0.6.35-12.el7.x86_64 gdm-3.14.2-19.el7.x86_64 sssd-1.14.0-43.el7.x86_64 How reproducible: For every user without a log in shell set Steps to Reproduce: 1. Create a user in LDAP without the loginShell attribute 2. Use sssd to set up the user Actual results: User is seen as system user and does not show up in GDM Expected results: If the loginShell is empty, the system should fall back to the system default shell as set in /etc/default/useradd
maybe. I do wonder if some system services will start showing up as normal user accounts if we do this.
mmhhh.. good point. Maybe System user/Accounts should be (if not other needed) set to loginShell as /sbin/nologin (or /bin/false)?
looks like the login command does this: → if (pwd->pw_shell == NULL || *pwd->pw_shell == '\0')• → → pwd->pw_shell = _PATH_BSHELL;• where _PATH_BSHELL is libc defined default bourne shell ("/bin/sh"). perhaps accountsservice should use the same logic.
i've filed https://gitlab.freedesktop.org/accountsservice/accountsservice/issues/69 for now. I think we should deal with this upstream, and potentially backport the change down the road (maybe just in rhel8 following a rebase?). Closing, but if you were really hoping to see this land in rhel 7 on a more accelerated schedule, please reopen.