LinuxQuestions.org
Old 02-26-2013, 01:48 PM   #1
tkinsella
Member
 
Registered: Dec 2005
Distribution: CentOS 6.5
Posts: 45

Users forced to subshell on login


Hello All!

The sysadmin previous to me set something up on one of our machines that when a user logs in, it forces them into a modified bash "subshell".

I am at a loss as to how he accomplished this, and therefore cannot undo the modification.

Any help would be appreciated! I can reply with more information if needed, but not sure where to even start at this point.

Thanks!
 
Old 02-26-2013, 02:08 PM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,935

Quote:
Originally Posted by tkinsella
Hello All!
The sysadmin previous to me set something up on one of our machines that when a user logs in, it forces them into a modified bash "subshell".

I am at a loss as to how he accomplished this, and therefore cannot undo the modification. Any help would be appreciated! I can reply with more information if needed, but not sure where to even start at this point.
Read the man page on the usermod command. Pay particular attention to how to set a user's shell.

A 'shell' can be ANY program, including a custom-written shell script. Look at the /etc/passwd file, and the user's shell can be seen in it, as the last parameter I believe. Change it to whatever else you want via the usermod command.
 
Old 02-26-2013, 02:12 PM   #3
tkinsella
Member
 
Registered: Dec 2005
Distribution: CentOS 6.5
Posts: 45

Original Poster
I did check that first and everyone is set to /bin/bash

When logged in we get a message :

Last login: Tue Feb 26 10:39:54 2013 from 10.1.3.161
Notice: Your umask has been set to 002 for group sharing.
Your group has been changed to apache.
You are in a subshell. Type exit to resume individual credentials.


I assume that this is a message that the sysadmin set up. There is no motd or banner in the sshd_config that would prompt this.
 
Old 02-26-2013, 02:20 PM   #4
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (Chicago area)
Distribution: Red Hat (8.0, RHEL5,6), CentOS, SuSE (10.x, 11.x, 12.2, 13.2), Solaris (8-10), Tru64, MacOS, Raspian
Posts: 1,108

Quote:
Originally Posted by tkinsella
Hello All!

The sysadmin previous to me set something up on one of our machines that when a user logs in, it forces them into a modified bash "subshell".

I am at a loss as to how he accomplished this, and therefore cannot undo the modification.

Any help would be appreciated! I can reply with more information if needed, but not sure where to even start at this point.

Thanks!
I take it the intention was to limit those victims^Wusers to only be able to use a subset of the shell.

Can you show a line from /etc/passwd for one of the affected user accounts? I wonder if there is a modified shell specified for those users. The fix may be as simple as tweaking the /etc/passwd entry for those user accounts.

BTW, if you find that the /etc/passwd entries for the accounts are specified as "rbash" or "bash -r", i.e., "restricted" shells (I'm not sure if passwd accepts the second example as a valid shell), you ought to be careful about undoing that. What were those accounts intended to be used for? Would unrestricting the shells for those accounts make your system less secure? Setting up a user account with such a shell is usually done to allow fairly, shall we say, "unsophisticated" users to run programs in an environment (pun intended) that doesn't allow them to cause too much damage should they get into something that they shouldn't be running. Check out the "RESTRICTED SHELL" section at the bottom of the bash(1) man page for more on this.

If your predecessor didn't set up these accounts with a restricted shell then more detective work will be needed.

--
Rick
 
Old 02-26-2013, 02:27 PM   #5
tkinsella
Member
 
Registered: Dec 2005
Distribution: CentOS 6.5
Posts: 45

Original Poster
tkinsella:x:1408:1408::/home/tkinsella:/bin/bash
 
Old 02-26-2013, 03:40 PM   #6
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (Chicago area)
Distribution: Red Hat (8.0, RHEL5,6), CentOS, SuSE (10.x, 11.x, 12.2, 13.2), Solaris (8-10), Tru64, MacOS, Raspian
Posts: 1,108

Isn't digital archeology fun?

Quote:
Originally Posted by tkinsella
tkinsella:x:1408:1408::/home/tkinsella:/bin/bash
Pretty generic. Dang... so much for the simple fix.

Since you are seeing some distinct messages during the login process, have you grepped the contents of the scripts under /etc (or /usr/local/*, and so on) to see if those have been modified to set up the subshell? For example, /etc/profile. That "Notice: Your umask has been set to..." message seems pretty non-standard. If you can find out what's issuing that message, you should get a good idea how to undo the restrictions.

Question: What are "individual credentials"? When you see
Code:
You are in a subshell. Type exit to resume individual credentials.
what happens when you enter "exit"? Are you in a "normal" shell or logged out?


--
Rick
 
Old 02-26-2013, 03:44 PM   #7
tkinsella
Member
 
Registered: Dec 2005
Distribution: CentOS 6.5
Posts: 45

Original Poster
Thanks for the help! Told you I was lost on this one, can't find anything that just sticks out.

The first thing I did was to grep for those lines and I can't seem to find them anywhere which makes me think the last admin may have recompiled bash with this stuff in it.

Code:
Notice: Your umask has been set to 002 for group sharing.
Your group has been changed to apache.
You are in a subshell. Type exit to resume individual credentials.
bash-3.2$ exit
exit
-bash-3.2$
 
Old 02-26-2013, 04:07 PM   #8
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,935

Quote:
Originally Posted by tkinsella
tkinsella:x:1408:1408::/home/tkinsella:/bin/bash
Then log in, and get root access (either with "sudo -s" or "su"), and look at the .bashrc and .profile files for one of the users that is behaving like that. Could be as simple as something getting run when a user logs in. Also, check the /etc/profile file, since it could also be that whatever is being run is coming from there (a UID/GID check to see what happens when a shell is invoked).

If that's the case (and assuming you DON'T want this anymore), check the /etc/skel directory, since those are the 'skeleton' files that get pushed out whenever you make a new user.
 
Old 02-26-2013, 05:44 PM   #9
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (Chicago area)
Distribution: Red Hat (8.0, RHEL5,6), CentOS, SuSE (10.x, 11.x, 12.2, 13.2), Solaris (8-10), Tru64, MacOS, Raspian
Posts: 1,108

Quote:
Originally Posted by tkinsella
Code:
Notice: Your umask has been set to 002 for group sharing.
Your group has been changed to apache.
You are in a subshell. Type exit to resume individual credentials.
bash-3.2$ exit
exit
-bash-3.2$
Ah... So it looks like you need to log out twice to disconnect, right? That tells me that the profile (/etc/profile?) is running something at the end that actually is spawning another shell.

See TB0ne's suggestion about examining the profiles in /etc to see if some script is being executed at the end of the standard /etc/profile, bash.bashrc, etc. Commenting out that command will likely solve your problem.

Good luck...

-- Rick
 
Old 02-26-2013, 07:48 PM   #10
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Also check the skel stuff as indicated; he may(!) have added it to the end of the user's .bash_profile or .bashrc or .profile.
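
One way to run the search the replies describe, as an added example that is not part of any post in this thread: instead of grepping for the message text, which finds nothing when the message is assembled from variables, scan every bash startup file (system-wide, per-user and /etc/skel) for commands that can start a nested shell or change the umask. The keyword list, the root-directory argument and the demo file `groupshare.sh` are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): list login-time commands that can
# start a nested shell. The keyword list is an assumption for these symptoms.
SPAWN_RE='(^|[;&|[:space:]])(/[^[:space:]]*/)?(exec|newgrp|sg|su|bash|umask)([[:space:]]|$)'

# Print every startup file bash may read under ROOT, so the same scan works
# on a live host (ROOT=/), a mounted disk image, or a test tree.
startup_files() {
    local root="${1%/}" home name
    printf '%s\n' "$root/etc/profile" "$root/etc/bashrc" "$root/etc/bash.bashrc" \
        "$root"/etc/profile.d/*.sh
    # Field 6 of /etc/passwd is the home directory; /etc/skel holds the
    # templates copied into new accounts.
    { cut -d: -f6 "$root/etc/passwd" 2>/dev/null || true; echo /etc/skel; } |
    sort -u | while IFS= read -r home; do
        for name in .bash_profile .bash_login .profile .bashrc; do
            printf '%s\n' "$root$home/$name"
        done
    done
}

# Print file:line:text for each non-comment line matching SPAWN_RE.
scan_login_files() {
    local f
    startup_files "${1:-/}" | while IFS= read -r f; do
        [ -f "$f" ] || continue
        grep -HnE "$SPAWN_RE" "$f" | grep -vE '^[^:]+:[0-9]+:[[:space:]]*#' || true
    done
    return 0
}

# Constructed demo tree: the passwd line is the one posted in the thread;
# groupshare.sh and its contents are hypothetical.
make_demo_tree() {
    local t; t=$(mktemp -d)
    mkdir -p "$t/etc/profile.d" "$t/etc/skel" "$t/home/tkinsella"
    echo 'tkinsella:x:1408:1408::/home/tkinsella:/bin/bash' > "$t/etc/passwd"
    printf '%s\n' '# umask 022 is the stock default' 'PATH=$PATH:/usr/local/bin' > "$t/etc/profile"
    printf '%s\n' 'umask 002' 'echo "Your group has been changed to $G."' \
        'newgrp "$G"' > "$t/etc/profile.d/groupshare.sh"
    printf '%s\n' 'alias ll="ls -l"' > "$t/home/tkinsella/.bashrc"
    echo "$t"
}

# No argument: scan the demo tree. Pass / (as root) to scan the live host.
scan_login_files "${1:-$(make_demo_tree)}"
```

Every reported line is a candidate to review, not a verdict: stock profiles set a umask too, so compare hits against the distribution's packaged copies before commenting anything out.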
 
  


All times are GMT -5.
