From 54f6b203d6fe37951ee17ce2b993bc110fb7aac6 Mon Sep 17 00:00:00 2001
From: Mauricio Schneider
Date: Fri, 16 Jan 2015 14:18:59 -0300
Subject: [PATCH] Point login shell to /bin/false for linux and /sbin/nologin in osx. Fix #74
---
 lib/conf/tasks/utils/create_user.sh | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/lib/conf/tasks/utils/create_user.sh b/lib/conf/tasks/utils/create_user.sh
index 5c72e05d7..cc0523628 100755
--- a/lib/conf/tasks/utils/create_user.sh
+++ b/lib/conf/tasks/utils/create_user.sh
@@ -9,7 +9,15 @@ USER_NAME="$1"
 [ -z "$USER_NAME" ] && echo "User name required." && exit 1
 FULL_NAME="Prey Anti-Theft"
-SHELL="/bin/bash"
+
+# for security reasons, Prey user shouldn't have a login shell defined
+if [ "$(uname)" == "Linux" ]; then
+ # since nologin path changes between linux distros, lets use /bin/false instead
+ SHELL="/bin/false"
+else
+ SHELL="/sbin/nologin"
+fi
+
 SU_CMD=$(command -v su) || SU_CMD="/bin/su"
 # this means user will be able to run commands as other users except root
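Review bot: The added test `[ "$(uname)" == "Linux" ]` uses `==`, which POSIX `[` does not define; under a strict `/bin/sh` such as dash the test errors out and evaluates false, so a Linux host would silently take the `else` branch and get `/sbin/nologin`, the very path the comment calls unreliable across distros. The shebang is outside this hunk, so this only bites if the script runs under `sh` rather than bash; `if [ "$(uname)" = "Linux" ]; then` behaves the same in both. The `else` branch also treats every non-Linux system as macOS, so an explicit `Darwin` case with a failing default would be safer than assuming the path exists. Separately, the assignment reuses the `SHELL` environment variable: if it is exported, child processes started later in the script (not visible here) inherit `/bin/false` as their shell, so a private name such as `USER_SHELL` would be cleaner, though that rename touches lines outside this hunk.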