Debian Bug report logs - #747178
ltsp-client-core: ltsp-localapps fails if user's /etc/passwd shell is missing on client

version graph

Package: ltsp-client-core; Maintainer for ltsp-client-core is Debian LTSP Maintainers <team+ltsp@tracker.debian.org>; Source for ltsp-client-core is src:ltsp (PTS, buildd, popcon).

Reported by: root <mark@hindley.org.uk>

Date: Tue, 6 May 2014 08:36:08 UTC

Severity: normal

Found in version ltsp/5.4.2-6+deb7u1

Fixed in version 19.11-1

Done: Vagrant Cascadian <vagrant@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, LTSP Debian Maintainers <pkg-ltsp-devel@lists.alioth.debian.org>:
Bug#747178; Package ltsp-client-core. (Tue, 06 May 2014 08:36:13 GMT) (full text, mbox, link).

Message #3 received at submit@bugs.debian.org (full text, mbox, reply):

From: root <mark@hindley.org.uk>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ltsp-client-core: ltsp-localapps fails if user's /etc/passwd shell is missing on client
Date: Tue, 6 May 2014 08:53:45 +0100
Package: ltsp-client-core
Version: 5.4.2-6+deb7u1
Severity: normal
Tags: patch

Dear Maintainer,

I have been debugging why ltsp-localapps was having no effect on my LTSP 
setup. The problem is that on the server I use /bin/zsh as my default 
shell, but this is not installed on the client. Obviously I could add 
all possible shells to the client, but this doesn't make it so 'thin'.

My fix is to add -s /bin/sh to the su command in ltsp-localappsd:

--- usr/bin/ltsp-localappsd	2012-06-27 22:26:21.000000000 +0100
+++ /opt/ltsp/i386/usr/bin/ltsp-localappsd	2014-05-06 08:28:22.000000000 +0100
@@ -60,9 +60,9 @@
 
         logit "Executing command as username ${LDM_USERNAME}: ${LTSP_COMMAND} "
         if [ "$LTSP_COMMAND_WAIT" = "true" ]; then
-            su - ${LDM_USERNAME} -c "LANG=$LANG LANGUAGE=$LANG DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY $CLIENT_ENV ${LTSP_COMMAND}"
+            su - ${LDM_USERNAME} -s /bin/sh -c "LANG=$LANG LANGUAGE=$LANG DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY $CLIENT_ENV ${LTSP_COMMAND}"
         else
-            su - ${LDM_USERNAME} -c "LANG=$LANG LANGUAGE=$LANG DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY $CLIENT_ENV ${LTSP_COMMAND}" &
+            su - ${LDM_USERNAME} -s /bin/sh -c "LANG=$LANG LANGUAGE=$LANG DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY $CLIENT_ENV ${LTSP_COMMAND}" &
         fi
     fi
     reset_xprop LTSP_COMMAND

Mark

-- System Information:
Debian Release: 7.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.10.38-m586mmx (PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ltsp-client-core depends on:
ii  console-setup    1.88
ii  initramfs-tools  0.109.1
ii  iproute          20120521-3+b3
ii  kbd              1.15.3-9
ii  libc6            2.13-38+deb7u1
ii  libpopt0         1.16-7
ii  libx11-6         2:1.5.0-1+deb7u1
ii  lsb-base         4.1+Debian8+deb7u1
ii  lsb-release      4.1+Debian8+deb7u1
ii  mkelfimage       2.7-7
ii  nbd-client       1:3.2-4~deb7u4
ii  python           2.7.3-4+deb7u1
ii  syslinux         2:4.05+dfsg-6+deb7u1
ii  tftp-hpa         5.2-4

Versions of packages ltsp-client-core recommends:
ii  procps  1:3.3.3-3

Versions of packages ltsp-client-core suggests:
ii  alsa-utils                        1.0.25-4
ii  cron                              3.0pl1-124
ii  cryptsetup                        2:1.4.3-4
ii  cups-bsd                          1.5.3-5+deb7u1
ii  freerdp-x11                       1.0.1-1.1+deb7u3
ii  inputattach                       1:1.4.3-1
ii  ldm                               2:2.2.11-2
ii  libasound2-plugins                1.0.25-2
ii  ltspfsd                           1.1-2
ii  mdetect                           0.5.2.3
ii  netcat-traditional [netcat]       1.10-40
ii  ntpdate                           1:4.2.6.p5+dfsg-2
ii  numlockx                          1.2-4
ii  pulseaudio                        2.0-6.1
ii  python-serial                     2.5-2.1
ii  rsyslog [system-log-daemon]       5.8.11-3
ii  sane-utils                        1.0.22-7.4
pn  sdm-terminal | x-display-manager  <none>
ii  sshfs                             2.4-1
ii  x11-xserver-utils                 7.7~3

-- no debconf information

-- 
Mark Hindley

6, Nursery Park
Innerleithen
Peeblesshire
EH44 6JB
Scotland

+44 (0)1896 830304

Information forwarded to debian-bugs-dist@lists.debian.org, LTSP Debian Maintainers <pkg-ltsp-devel@lists.alioth.debian.org>:
Bug#747178; Package ltsp-client-core. (Tue, 05 Aug 2014 21:24:10 GMT) (full text, mbox, link).

Acknowledgement sent to Vagrant Cascadian <vagrant@debian.org>:
Extra info received and forwarded to list. Copy sent to LTSP Debian Maintainers <pkg-ltsp-devel@lists.alioth.debian.org>. (Tue, 05 Aug 2014 21:24:10 GMT) (full text, mbox, link).

Message #8 received at 747178@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@debian.org>
To: root <mark@hindley.org.uk>, 747178@bugs.debian.org
Subject: Re: Bug#747178: ltsp-client-core: ltsp-localapps fails if user's /etc/passwd shell is missing on client
Date: Tue, 05 Aug 2014 14:22:07 -0700
[Message part 1 (text/plain, inline)]
Control: tag -1 -patch

On 2014-05-06, root wrote:
> I have been debugging why ltsp-localapps was having no effect on my LTSP 
> setup. The problem is that on the server I use /bin/zsh as my default 
> shell, but this is not installed on the client. Obviously I could add 
> all possible shells to the client, but this doesn't make it so 'thin'.

Thanks for reporting the issue!

Sorry it took me so long to test your patch...

> My fix is to add -s /bin/sh to the su command in ltsp-localappsd:
>
> --- usr/bin/ltsp-localappsd	2012-06-27 22:26:21.000000000 +0100
> +++ /opt/ltsp/i386/usr/bin/ltsp-localappsd	2014-05-06 08:28:22.000000000 +0100
> @@ -60,9 +60,9 @@
>  
>          logit "Executing command as username ${LDM_USERNAME}: ${LTSP_COMMAND} "
>          if [ "$LTSP_COMMAND_WAIT" = "true" ]; then
> -            su - ${LDM_USERNAME} -c "LANG=$LANG LANGUAGE=$LANG DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY $CLIENT_ENV ${LTSP_COMMAND}"
> +            su - ${LDM_USERNAME} -s /bin/sh -c "LANG=$LANG LANGUAGE=$LANG DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY $CLIENT_ENV ${LTSP_COMMAND}"
>          else
> -            su - ${LDM_USERNAME} -c "LANG=$LANG LANGUAGE=$LANG DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY $CLIENT_ENV ${LTSP_COMMAND}" &
> +            su - ${LDM_USERNAME} -s /bin/sh -c "LANG=$LANG LANGUAGE=$LANG DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY $CLIENT_ENV ${LTSP_COMMAND}" &
>          fi
>      fi
>      reset_xprop LTSP_COMMAND

Unfortunately, this forces the shell for all users, so "ltsp-localapps
xterm" results in a sh prompt, weather the user's shell is in the chroot
or not.

The "su" manpage suggests it should fall back to /bin/sh, though it's
not absolutely clear to me:

   -s, --shell SHELL
       The shell that will be invoked.

       The invoked shell is chosen from (highest priority first):

       The shell specified with --shell.

       If --preserve-environment is used, the shell specified by
       the $SHELL environment variable.

       The shell indicated in the /etc/passwd entry for the
       target user.

       /bin/sh if a shell could not be found by any above
       method.

Looks like /etc/passwd takes priority over the /bin/sh fallback, I
guess.


The localapps code could adjust the shell entry in /etc/passwd if it
wasn't found, but this would have security implications if the user
specified had a restricted shell...


So, for the moment, the recommended workaround would be to install the
appropriate shells in the thin client, or limit your users to shells
also present in the thin client image.

Please follow up with other ideas to resolve the issue, as I do agree it
is an important one...

live well,
  vagrant

[Message part 2 (application/pgp-signature, inline)]

Removed tag(s) patch. Request was from Vagrant Cascadian <vagrant@debian.org> to 747178-submit@bugs.debian.org. (Tue, 05 Aug 2014 21:24:10 GMT) (full text, mbox, link).

Reply sent to Vagrant Cascadian <vagrant@debian.org>:
You have taken responsibility. (Fri, 27 Dec 2019 23:15:05 GMT) (full text, mbox, link).

Notification sent to root <mark@hindley.org.uk>:
Bug acknowledged by developer. (Fri, 27 Dec 2019 23:15:05 GMT) (full text, mbox, link).

Message #15 received at 747178-done@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@debian.org>
To: 747178-done@bugs.debian.org
Subject: Re: Bug#747178: ltsp-client-core: ltsp-localapps fails if user's /etc/passwd shell is missing on client
Date: Fri, 27 Dec 2019 15:10:09 -0800
[Message part 1 (text/plain, inline)]
Version: 19.11-1

> I have been debugging why ltsp-localapps was having no effect on my LTSP 
> setup. The problem is that on the server I use /bin/zsh as my default 
> shell, but this is not installed on the client. Obviously I could add 
> all possible shells to the client, but this doesn't make it so 'thin'.

Newer versions of LTSP do not have ltsp-localapps or similar code;
marking as done.

live well,
  vagrant

[signature.asc (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 25 Jan 2020 07:30:54 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Jul 1 13:26:15 2023; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.