Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 194317 - genhomedircon marks all shells as invalid
genhomedircon marks all shells as invalid
Product: Fedora
Classification: Fedora
Component: policycoreutils (Show other bugs)
All Linux
medium Severity high
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2006-06-07 05:00 EDT by Sitsofe Wheeler
Modified: 2007-11-30 17:11 EST (History)
3 users (show)

See Also:
Fixed In Version: 1.30.10-2.fc5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-06-21 21:11:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Sitsofe Wheeler 2006-06-07 05:00:07 EDT
Description of problem:
genhomedircon doesn't strip the newline when constructing VALID_SHELLS thus
VALID_SHELLS looks like this:

['/bin/sh\n', '/bin/bash\n', '/sbin/nologin\n', '/bin/tcsh\n', '/bin/csh\n',
'/bin/ksh\n', '/bin/zsh\n']

This then goes on to fail the shells of users who have this:

Version-Release number of selected component (if applicable):

How reproducible:
Every time

Steps to Reproduce:
1. Add print VALID_SHELLS beneath line 33
2. Run /usr/sbin/genhomedircon
3. (For extra hilarity run "/sbin/restorecon -R -v /home" on a system with user
home dirs that are in subdirectories e.g. /home/member/user )
Actual results:
['/bin/sh\n', '/bin/bash\n', '/sbin/nologin\n', '/bin/tcsh\n', '/bin/csh\n',
'/bin/ksh\n', '/bin/zsh\n']

(in the extra hilarity case parts of a user's home directory become mislabelled
e.g. public_html)

Expected results:
same output as above but without the newline (\n) characters

Additional info:
Fixable by changing the VALID_SHELLS line to:
VALID_SHELLS = fd.readlines().trim()
Python documentation warns that the newline isn't stripped here:

Setting to severity to high because of the breakage caused on a relabel.
Comment 1 Daniel Walsh 2006-06-21 21:11:14 EDT
Fixed in 1.30.10-2.fc5
Comment 2 Sitsofe Wheeler 2006-06-22 05:25:06 EDT
I'm just looking at man getusershell ... technically shouldn't you only default
/bin/sh and /bin/csh if /etc/shells is empty?

Note You need to log in before you can comment on or make changes to this bug.