From: Oliver Kurth <okurth@vmware.com>
Date: Fri, 15 Sep 2017 18:22:58 +0000 (-0700)
Subject: Check for a valid shell in pam configuration
X-Git-Tag: stable-10.2.0~589
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8781e18ba29ad01fdf9ebdf4bb46ee0ea08b1f39;p=thirdparty%2Fopen-vm-tools.git

Check for a valid shell in pam configuration

When a program is run in a VM using vmrun from the host, the user account
is not checked for a valid shell. This changes adds this to the pam
configuration for vmtoolsd.

Note that /sbin/nologin is a valid shell in CentOS and RHEL, but
not in Ubuntu. Valid shells are those that are listed in /etc/shells.
---

diff --git a/open-vm-tools/scripts/linux/pam.d/vmtoolsd b/open-vm-tools/scripts/linux/pam.d/vmtoolsd
index 380b2cb31..1c860ac11 100644
--- a/open-vm-tools/scripts/linux/pam.d/vmtoolsd
+++ b/open-vm-tools/scripts/linux/pam.d/vmtoolsd
@@ -1,5 +1,7 @@
 #%PAM-1.0
+auth       required         pam_shells.so
 auth       sufficient       pam_unix.so shadow
 auth       required         pam_unix_auth.so shadow
+account    required         pam_shells.so
 account    sufficient       pam_unix.so
 account    required         pam_unix_acct.so