Hi all,
I have enabled shell access for a Siteworx user, logged in, run a command, logged out, then disabled access in Siteworx, but for some reason I can’t change the Shell environment from /bin/bash back to /sbin/nologin for some reason that option is no longer there? Is this normal?
Any help / suggestions much appreciated.
Hi nico
I would open a support ticket with IW and let them have a look
It is likely a bug and I believe this is on a IW-CP v7
I really need to load v7 when I have time
Hope that helps a little
Many thanks
John
Hi John @d2d4j ,
Sorry forgot to mention it is a Siteworx 6.9.0 server
Nico
Hello–
Where are you trying to change the shell user back? Is it in NodeWorx under SiteWorx > Shell Users? Could you provide a screenshot of the dropdown?
Thanks,
-Jenna
Hi Jenna
Yes, if you change from
Nodeworx, siteworx, shell, chose a user, tick box and goto bottom and select change shell - you will see there is no nologin selection shown as an option
You do not need to save the change to see the missing selection option
I can do a screenshot but will be late afternoon or early evening or if nico has time, perhaps nico would be so kind
Many thanks
John
@IWorx-Jenna, @d2d4j
Hi Jenna, yes that’s correct in Nodeworx, Siteworx, Shell users,. see attachment.
kind regards,
Nico
How odd. I cannot reproduce that on my test server running 6.9.0. I changed a user’s shell to /bin/bash, logged in via SSH with it, ran a command (tailed a log), logged out, and then looked at the shell options for that account. nologin is listed (granted this is a different theme, but that should not affect anything).
Silly question, but they are 100% logged out of the command line, correct?
If so, submit a support ticket, I’ll take a closer look for you.
No silly question 
It happens on two 6.9.0 version servers and both use a different theme [ Heliotrope, Blue Steel ]
Seems to me you have more shell options, are you using a v7.0 server?
Nico
Hi
@IWorx-Jenna @Nico as Nico says, I do not think it is theme, however, it doeas appear to only happen on Centos 7. I have just checked a Centos 6 and it is shown as an option to select.
I have quickly opened a support ticket so you can check if it helps and if @nico has not opened a ticket already
Many thanks
John
Hello!
Nope, that’s 6.9.0 on EL7 (the GUI in IW7 looks totally completely different). I checked my two other IW6 test servers as well, same thing–nologin is listed after changing the shell to something else, even on my EL6 boxes. I did notice that you have fewer options listed, as well, which is also odd.
The only thing I can think of that might be a little different is that my test servers have been around for a really long time–the installations are a few years old. I think I created them back when IW 5 was a thing, so at least three, if not four years. Yours may be newer installs, and sometimes bugs pop up in new(er) installs that don’t in established servers.
I spun up a new IW6 server and I see exactly what you are talking about, and was able to reproduce, there. So it seems to be an issue with newer installs, though I have no idea what version it might have popped up in. I’ll submit a bug report for the issue. Thanks so much for bringing it up! I have a meeting with the devs in about a half hour (2pm EST) so I’ll ask if there might be a workaround that can be used. No guarantees, though worth the ask.
Hi
We do not allow user SSH and I believe nico operates the same
Also, they can be disabled so there is no rush and hopefully push out a fix
Many thanks
John
As a note, I checked and this issue is also in IW7, so there is that, as well.
@IWorx-Jenna
True, as said in the beginning I enabled run the command, disabled…no rush for me, but nice if you can fix it.
Kind reggards,
Nico
Brandon just found this little tidbit–looks like it might be a CentOS level thing, not a IW specific thing. It looks like there was a security issue with nologin being listed in /etc/shells, and so it was removed: https://access.redhat.com/errata/RHSA-2018:3249
From the code and it looks like we just dump /etc/shells, which is provided by the OS, to get a list of available shells.
It is still odd that my established test servers has it listed, while a new one does not, even with the same CentOS version. However, it could be a case where the update just updated for new installs of the OS, but did not remove the shell on existing installs.
[root@jenna4 ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@jenna4 ~]# cat /etc/shells
/bin/sh
/bin/bash
/sbin/nologin
/usr/bin/sh
/usr/bin/bash
/usr/sbin/nologin
/bin/tcsh
/bin/csh
/usr/sbin/jk_chrootsh
[root@jenna4 ~]#
vs
[root@ssh2 ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@ssh2 ~]# cat /etc/shells
/bin/sh
/bin/bash
/usr/bin/sh
/usr/bin/bash
/usr/sbin/jk_chrootsh
[root@ssh2 ~]#
I brought it up with the devs and they’re going to look further into it but nothing solid at this point. But it looks like we found the culprit!
Hi @IWorx-Jenna,
I was wondering what needs to be done to get it added the nologin script seems to be there, see this:
#cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
#cat /etc/shells
/bin/sh
/bin/bash
/usr/bin/sh
/usr/bin/bash
/usr/sbin/jk_chrootsh
#ls -al /sbin/nologin
-rwxr-xr-x 1 root root 7176 Feb 2 16:31 /sbin/nologin
I have seen this security issue from 2018, just wonder if it is fixed or that they removed it only from the etc/shell and not the file in question, half done job? confusing er…
Kind regards,
Nico
Hello–
I don’t have an answer at this time, though I did bump the ticket with the devs and they’re looking into it. I’ll let you know when I have more info.
-Jenna
Hi again!
Answer faster than I thought–the fix is actually in 7.4.1, which is currently in the Release Candidate channel. The ticket still was marked as open because the dev just forgot to update it with a release note/that it was closed.
7.4.1 should be pushed to Release, soon (within the next week or so, barring anything odd that might pop up, though we have not had any bug reports logged against it). Or you could update now by changing the Update channel to Release Candidate in NodeWorx under Server > Software Updates.
Thanks,
-Jenna
Hi @IWorx-Jenna Jenna,
That;s fast could you make it also available in the 6.9.0 servers please?
Kind regards,
Nico
Hello–
I talked to the devs, and they’re going to release a hotfix for IW6 with the fix. I don’t know the specific time it will be released but if not today(Fri), than most likely by Monday.
-Jenna
Hi @IWorx-Jenna Jenna, thanks ever so much, much appreciated.
This morning 06/03 I noticed the hotfix-6/9/0/1810-28 Many thanks all fine now
Nico
