openstack/loci
Code Issues Proposed changes

Use rbash for nova user instead of bash

Browse Source 
We do not need to allow execute all commands, rbash is more than enough

Change-Id: I266e2723aee4dcf608f2a29bb5adc970de4d3b56
This commit is contained in:
Vasyl Saienko 2024-11-21 10:55:59 +00:00
parent 97263c21d1
commit 4c8bfa468e
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/create_user.sh
View File

@ -5,7 +5,7 @@ set -ex
groupadd -g ${GID} ${PROJECT}
if [[ "${PROJECT}" == "nova" ]];then
# NOTE: bash needed for nova to support instance migration
useradd -u ${UID} -g ${PROJECT} -M -d /var/lib/${PROJECT} -s /bin/bash -c "${PROJECT} user" ${PROJECT}
useradd -u ${UID} -g ${PROJECT} -M -d /var/lib/${PROJECT} -s /bin/rbash -c "${PROJECT} user" ${PROJECT}
else
useradd -u ${UID} -g ${PROJECT} -M -d /var/lib/${PROJECT} -s /usr/sbin/nologin -c "${PROJECT} user" ${PROJECT}
fi