From 4c8bfa468e71046874da1c0a890c30e3282256ff Mon Sep 17 00:00:00 2001
From: Vasyl Saienko
Date: Thu, 21 Nov 2024 10:55:59 +0000
Subject: [PATCH] Use rbash for nova user instead of bash

We do not need to allow execute all commands, rbash is more than enough

Change-Id: I266e2723aee4dcf608f2a29bb5adc970de4d3b56
---
 scripts/create_user.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/create_user.sh b/scripts/create_user.sh
index ecccb611..cc0a1507 100755
--- a/scripts/create_user.sh
+++ b/scripts/create_user.sh
@@ -5,7 +5,7 @@ set -ex
 groupadd -g ${GID} ${PROJECT}
 if [[ "${PROJECT}" == "nova" ]];then
 # NOTE: bash needed for nova to support instance migration
- useradd -u ${UID} -g ${PROJECT} -M -d /var/lib/${PROJECT} -s /bin/bash -c "${PROJECT} user" ${PROJECT}
+ useradd -u ${UID} -g ${PROJECT} -M -d /var/lib/${PROJECT} -s /bin/rbash -c "${PROJECT} user" ${PROJECT}
 else
 useradd -u ${UID} -g ${PROJECT} -M -d /var/lib/${PROJECT} -s /usr/sbin/nologin -c "${PROJECT} user" ${PROJECT}
 fi
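Review bot: The `# NOTE: bash needed for nova to support instance migration` comment directly above the changed `useradd` line is now stale, and nothing visible in this hunk constrains what the restricted shell can actually run. rbash only blocks `cd`, changes to `PATH`/`SHELL`/`ENV`, command names containing `/` and output redirection; it applies those limits after the startup files are read and does not limit any program already reachable on `PATH`, so if `/var/lib/${PROJECT}` is writable by nova and `PATH` is the image default, the restriction is thin. I would reword the comment to something like `# NOTE: nova needs a login shell for instance migration; rbash is only a restriction when the profile is root-owned and PATH is minimal`. It is also worth confirming that `/bin/rbash` exists in every base image this script runs on and that the commands migration issues still succeed under it, since the script has `set -ex` but a missing shell may only surface at login time. The script continues outside the hunk, so a PATH or profile lockdown may already exist elsewhere.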