Point login shell to /bin/false for linux and /sbin/nologin in osx. Fix

#74
prey · Feb 9, 2015 · 46a8e3e · 46a8e3e
1 parent 0593498
commit 46a8e3e
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/lib/conf/tasks/utils/create_user.sh b/lib/conf/tasks/utils/create_user.sh
@@ -9,7 +9,15 @@ USER_NAME="$1"
 [ -z "$USER_NAME" ] && echo "User name required." && exit 1
 
 FULL_NAME="Prey Anti-Theft"
-SHELL="/bin/bash"
+
+# for security reasons, Prey user shouldn't have a login shell defined
+if [ "$(uname)" == "Linux" ]; then
+  # since nologin path changes between linux distros, lets use /bin/false instead
+  SHELL="/bin/false"
+else
+  SHELL="/sbin/nologin"
+fi
+
 SU_CMD=$(command -v su) || SU_CMD="/bin/su"
 
 # this means user will be able to run commands as other users except root