[Bash-completion-devel] [bash-completion-Bugs][311717] chsh -s: different behaviour for root

bash-completion-bugs at alioth.debian.org bash-completion-bugs at alioth.debian.org
Wed Apr 27 16:00:51 UTC 2011


Bugs item #311717, was changed at 2009-06-01 11:47 by Ville Skyttä 
You can respond by visiting: 
https://alioth.debian.org/tracker/?func=detail&atid=413095&aid=311717&group_id=100114

Status: Open
Priority: 3
Submitted By: Martin von Gagern (gagern-guest)
Assigned to: Nobody (None)
Summary: chsh -s: different behaviour for root 
Distribution: Gentoo
Originally reported in: Gentoo Bugzilla
Milestone: None
Status: None
Original bug number: 271521


Initial Comment:
The bash completion for "chsh -s" uses the contents of /etc/shells as the list of possible completions. This makes sense for normal users, as their choice is usually restricted to one of these shells. However, there is no such restriction for root. In fact, on many systems there are binaries like /sbin/nologin or similar which are unsuitable as a login shell for normal users, but which are likely to be chosen by root as the login shell for special system accounts.

I therefore suggest that the completion for "chsh -s" detect whether it's run by UID 0, and if so, use normal path completion instead of using the contents from /etc/shells.

----------------------------------------------------------------------

>Comment By: Ville Skyttä  (scop-guest)
Date: 2011-04-27 19:00

Message:
Arguing about OS distributor policies wrt. /etc/shells contents does not make sense here, contact people who can do something about it if you want something changed in them.

Quantity and legality of completions are not the only concerns, quality and responsibility are important considerations as well, there are numerous examples about this throughout bash completion (offering long vs short options, not offering some hdparm completions, stopping to offer completions that no longer work with newer versions of various tools that worked with old ones are a few examples of this off the cuff), and there's lots of room for improvement in these areas.

If you don't like bash-completion's file completions, you can always use Alt+/ to bypass them.

But this particular case is not a clear cut one, that's why I didn't close the bug. I don't personally plan to spend time implementing what's requested here because I'm happy with how it currently behaves wrt. listing shells and would consider changing it as requested as a slight regression (that I could live with if people insist), but what I do think the implementation should do in case someone wants to spend time on it is:

_complete_as_root() can be used to check if the completion is being done as root.  Plain _filedir for the "is root" case isn't IMO quite enough, should also check at least that the offered completions are executable, preferably by the user whose shell is being changed (although that may not be doable very well e.g. because the shell quite probably needs to be completed before we know the user).

----------------------------------------------------------------------
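
Added example, not part of the tracker thread or of bash-completion's own code: a sketch of the candidate selection outlined in the comment above, where root is offered executable files under the typed prefix and every other user is offered only /etc/shells entries. The function name `list_shell_candidates` and its arguments are hypothetical, and the uid is passed in as a parameter instead of being taken from `_complete_as_root`.

```shell
# list_shell_candidates PREFIX [UID] [SHELLS_FILE]
# Prints one completion candidate per line for "chsh -s PREFIX<TAB>".
# Hypothetical helper for illustration; plain POSIX sh, no bash-completion needed.
list_shell_candidates() {
    lsc_prefix=$1
    lsc_uid=${2:-$(id -u)}
    lsc_shells=${3:-/etc/shells}

    if [ "$lsc_uid" -eq 0 ]; then
        # root: chsh accepts any path, so complete on the filesystem,
        # but only offer things that can actually be executed.
        for lsc_f in "$lsc_prefix"*; do
            if [ -d "$lsc_f" ]; then
                # keep directories so the user can descend into them
                printf '%s/\n' "$lsc_f"
            elif [ -f "$lsc_f" ] && [ -x "$lsc_f" ]; then
                printf '%s\n' "$lsc_f"
            fi
        done
    else
        # non-root: chsh restricts the choice to the shells file,
        # so offer only its entries that match the prefix.
        while IFS= read -r lsc_line || [ -n "$lsc_line" ]; do
            case $lsc_line in
                ''|'#'*) continue ;;          # skip blanks and comments
            esac
            case $lsc_line in
                "$lsc_prefix"*) printf '%s\n' "$lsc_line" ;;
            esac
        done < "$lsc_shells"
    fi
    return 0
}
```

The executable check here is made with the privileges of whoever is completing, not of the account whose shell is being changed, which is the limitation the comment itself points out.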

Comment By: Martin von Gagern (gagern-guest)
Date: 2011-04-27 16:40

Message:
Having nologin in /etc/shells sounds like a good way to shoot yourself in the foot, too: as a normal user, you could accidentally make your account unusable. Even worse, it allows normal users to shoot themselves in the foot. root should know better than to actually pull the trigger. And root might use a completely different binary as shell for very special accounts where having it in /etc/shells would be even worse.

I believe that bash completion should provide as many legal command arguments as reasonably possible. It is up to the command itself to prevent people from shooting themselves in the foot. As chsh does accept different arguments for root or non-root, bash completion should mirror that fact without second-guessing it.

----------------------------------------------------------------------

Comment By: Ville Skyttä  (scop-guest)
Date: 2011-04-25 14:28

Message:
I'm not sure if this is a good idea, it'd provide people a way to shoot themselves in the foot.  FWIW on my Fedora 14 system, /etc/shells contains /sbin/nologin.

----------------------------------------------------------------------
