Enabling Siteworx Shell user

Hi all,
I have enabled shell access for a Siteworx user, logged in, run a command, logged out, then disabled access in Siteworx, but for some reason I can’t change the Shell environment from /bin/bash back to /sbin/nologin for some reason that option is no longer there? Is this normal?

Any help / suggestions much appreciated.

Hi nico

I would open a support ticket with IW and let them have a look

It is likely a bug and I believe this is on a IW-CP v7

I really need to load v7 when I have time

Hope that helps a little

Many thanks

John

Hi John @d2d4j ,
Sorry forgot to mention it is a Siteworx 6.9.0 server
Nico

Hello–

Where are you trying to change the shell user back? Is it in NodeWorx under SiteWorx > Shell Users? Could you provide a screenshot of the dropdown?

Thanks,
-Jenna

Hi Jenna

Yes, if you change from

Nodeworx, siteworx, shell, chose a user, tick box and goto bottom and select change shell - you will see there is no nologin selection shown as an option

You do not need to save the change to see the missing selection option

I can do a screenshot but will be late afternoon or early evening or if nico has time, perhaps nico would be so kind

Many thanks

John

@IWorx-Jenna, @d2d4j
Hi Jenna, yes that’s correct in Nodeworx, Siteworx, Shell users,. see attachment.
image
kind regards,
Nico

How odd. I cannot reproduce that on my test server running 6.9.0. I changed a user’s shell to /bin/bash, logged in via SSH with it, ran a command (tailed a log), logged out, and then looked at the shell options for that account. nologin is listed (granted this is a different theme, but that should not affect anything).

Silly question, but they are 100% logged out of the command line, correct?

If so, submit a support ticket, I’ll take a closer look for you.

1 Like

@IWorx-Jenna, @d2d4j

No silly question :slight_smile:
It happens on two 6.9.0 version servers and both use a different theme [ Heliotrope, Blue Steel ]
Seems to me you have more shell options, are you using a v7.0 server?
Nico

Hi

@IWorx-Jenna @Nico as Nico says, I do not think it is theme, however, it doeas appear to only happen on Centos 7. I have just checked a Centos 6 and it is shown as an option to select.

I have quickly opened a support ticket so you can check if it helps and if @nico has not opened a ticket already

Many thanks

John

Hello!

Nope, that’s 6.9.0 on EL7 (the GUI in IW7 looks totally completely different). I checked my two other IW6 test servers as well, same thing–nologin is listed after changing the shell to something else, even on my EL6 boxes. I did notice that you have fewer options listed, as well, which is also odd.

The only thing I can think of that might be a little different is that my test servers have been around for a really long time–the installations are a few years old. I think I created them back when IW 5 was a thing, so at least three, if not four years. Yours may be newer installs, and sometimes bugs pop up in new(er) installs that don’t in established servers.

I spun up a new IW6 server and I see exactly what you are talking about, and was able to reproduce, there. So it seems to be an issue with newer installs, though I have no idea what version it might have popped up in. I’ll submit a bug report for the issue. Thanks so much for bringing it up! I have a meeting with the devs in about a half hour (2pm EST) so I’ll ask if there might be a workaround that can be used. No guarantees, though worth the ask. :slight_smile:

1 Like

Hi

@IWorx-Jenna @Nico

We do not allow user SSH and I believe nico operates the same

Also, they can be disabled so there is no rush and hopefully push out a fix

Many thanks

John

As a note, I checked and this issue is also in IW7, so there is that, as well.

@IWorx-Jenna
True, as said in the beginning I enabled run the command, disabled…no rush for me, but nice if you can fix it.
Kind reggards,
Nico

Brandon just found this little tidbit–looks like it might be a CentOS level thing, not a IW specific thing. It looks like there was a security issue with nologin being listed in /etc/shells, and so it was removed: https://access.redhat.com/errata/RHSA-2018:3249

From the code and it looks like we just dump /etc/shells, which is provided by the OS, to get a list of available shells.

It is still odd that my established test servers has it listed, while a new one does not, even with the same CentOS version. However, it could be a case where the update just updated for new installs of the OS, but did not remove the shell on existing installs.

[[email protected] ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[[email protected] ~]# cat /etc/shells
/bin/sh
/bin/bash
/sbin/nologin
/usr/bin/sh
/usr/bin/bash
/usr/sbin/nologin
/bin/tcsh
/bin/csh
/usr/sbin/jk_chrootsh
[[email protected] ~]#

vs

[[email protected] ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[[email protected] ~]# cat /etc/shells
/bin/sh
/bin/bash
/usr/bin/sh
/usr/bin/bash
/usr/sbin/jk_chrootsh
[[email protected] ~]#

I brought it up with the devs and they’re going to look further into it but nothing solid at this point. But it looks like we found the culprit! :slight_smile:

2 Likes