Check for a valid shell in pam configuration

When a program is run in a VM using vmrun from the host, the user account
is not checked for a valid shell. This changes adds this to the pam
configuration for vmtoolsd.

Note that /sbin/nologin is a valid shell in CentOS and RHEL, but
not in Ubuntu. Valid shells are those that are listed in /etc/shells.

diff --git a/open-vm-tools/scripts/linux/pam.d/vmtoolsd b/open-vm-tools/scripts/linux/pam.d/vmtoolsd
index 380b2cb319418e0658b7c70e944e1de423753482..1c860ac110ca3097f93dde390ad9396ce958f619 100644 (file)
--- a/open-vm-tools/scripts/linux/pam.d/vmtoolsd
+++ b/open-vm-tools/scripts/linux/pam.d/vmtoolsd
@@ -1,5 +1,7 @@
 #%PAM-1.0
+auth       required         pam_shells.so
 auth       sufficient       pam_unix.so shadow
 auth       required         pam_unix_auth.so shadow
+account    required         pam_shells.so
 account    sufficient       pam_unix.so
 account    required         pam_unix_acct.so