I’m currently playing around with LARS, this script collection creates a arch ISO with some post-install magic, for example setting a login shell for root. The used code is:
usermod -s /usr/bin/bash root
I could boot up the image and ssh into it with my key. But three things weren’t working:
- Login as normal user and do su
- Login at a TTY
- Login via ssh with a password
I got a “Access Denied” message in all three cases. I digged around for two days. I know that Arch Linux moved binaries around a few years back, /bin is now a symlink to /usr/bin. Just for fun a colleague changed the shell in the /etc/passwd to /bin/bash, just like in the good old days, and WTF everything was working?!
We found the /etc/shells file:
#
# /etc/shells
#
/bin/sh
/bin/bash
# End of file
This file lists all shells that are allowed to be used as a login shell. By default it lists the symlink for bash, not the absolute path itself… I still don’t know why the keybased login was working, but this is another mystery.