| 1 |
HI, thanks! |
| 2 |
|
| 3 |
On Fri, Feb 13, 2009 at 3:11 PM, Mike Kazantsev |
| 4 |
<mike_kazantsev@×××××××.net> wrote: |
| 5 |
> On Fri, 13 Feb 2009 13:15:12 +0800 |
| 6 |
> Chuanwen Wu <wcw8410@×××××.com> wrote: |
| 7 |
> |
| 8 |
>> Could you please give more details? How to change it to something |
| 9 |
>> default? |
| 10 |
> |
| 11 |
> Well, that's pretty much the basics... |
| 12 |
> Shells for each system user are defined in /etc/passwd, which should be |
| 13 |
> edited by 'vipw' command. |
| 14 |
> |
| 15 |
> What I've meant is the case, when you, or something else changed |
| 16 |
> '/etc/passwd', replacing '/bin/bash' with something like |
| 17 |
> '/sbin/nologin' or some other path, which is not a valid shell. |
| 18 |
Hi, here is the root infomation in my /etc/passwd: |
| 19 |
|
| 20 |
root:x:0:0:root:/root:/bin/bash |
| 21 |
|
| 22 |
> |
| 23 |
> Actually, ssh shouldn't work with invalid shell like that as well, but |
| 24 |
> one, for example, can add some commands to ".bashrc" which will work |
| 25 |
> only in ssh environment (using some env vars, set by ssh, for example). |
| 26 |
> |
| 27 |
> Then, there might be some ssh-only shell, so I'd suggest to set shell |
| 28 |
> to '/bin/sh' (which is actually bash, for gentoo) and disable all the |
| 29 |
> configs it's using, like '~/.bashrc' or '/etc/bashrc' (see 'man bash', |
| 30 |
> for full list). |
| 31 |
In the /root, there is no .bashrc, and in other users' home, the |
| 32 |
.bashrc is normal: |
| 33 |
/******************************************* |
| 34 |
$ cat /home/wcw/.bashrc |
| 35 |
# /etc/skel/.bashrc |
| 36 |
# |
| 37 |
# This file is sourced by all *interactive* bash shells on startup, |
| 38 |
# including some apparently interactive shells such as scp and rcp |
| 39 |
# that can't tolerate any output. So make sure this doesn't display |
| 40 |
# anything or bad things will happen ! |
| 41 |
|
| 42 |
|
| 43 |
# Test for an interactive shell. There is no need to set anything |
| 44 |
# past this point for scp and rcp, and it's important to refrain from |
| 45 |
# outputting anything in those cases. |
| 46 |
if [[ $- != *i* ]] ; then |
| 47 |
# Shell is non-interactive. Be done now! |
| 48 |
return |
| 49 |
fi |
| 50 |
|
| 51 |
|
| 52 |
# Put your fun stuff here. |
| 53 |
/*****************************************************/ |
| 54 |
|
| 55 |
> Also, Neil has made a good point that there might be something |
| 56 |
> in /etc/profile, which is usually sourced by all bash-like shells. |
| 57 |
Here is my /etc/profile, which I think is normal, too: |
| 58 |
/*****************************************************/ |
| 59 |
# cat /etc/profile |
| 60 |
# /etc/profile: login shell setup |
| 61 |
# |
| 62 |
# That this file is used by any Bourne-shell derivative to setup the |
| 63 |
# environment for login shells. |
| 64 |
# |
| 65 |
|
| 66 |
# Load environment settings from profile.env, which is created by |
| 67 |
# env-update from the files in /etc/env.d |
| 68 |
if [ -e /etc/profile.env ] ; then |
| 69 |
. /etc/profile.env |
| 70 |
fi |
| 71 |
|
| 72 |
# 077 would be more secure, but 022 is generally quite realistic |
| 73 |
umask 022 |
| 74 |
|
| 75 |
# Set up PATH depending on whether we're root or a normal user. |
| 76 |
# There's no real reason to exclude sbin paths from the normal user, |
| 77 |
# but it can make tab-completion easier when they aren't in the |
| 78 |
# user's PATH to pollute the executable namespace. |
| 79 |
# |
| 80 |
# It is intentional in the following line to use || instead of -o. |
| 81 |
# This way the evaluation can be short-circuited and calling whoami is |
| 82 |
# avoided. |
| 83 |
if [ "$EUID" = "0" ] || [ "$USER" = "root" ] ; then |
| 84 |
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:${ROOTPATH}" |
| 85 |
else |
| 86 |
PATH="/usr/local/bin:/usr/bin:/bin:${PATH}" |
| 87 |
fi |
| 88 |
export PATH |
| 89 |
unset ROOTPATH |
| 90 |
|
| 91 |
# Extract the value of EDITOR |
| 92 |
[ -z "$EDITOR" ] && EDITOR="`. /etc/rc.conf 2>/dev/null; echo $EDITOR`" |
| 93 |
[ -z "$EDITOR" ] && EDITOR="/bin/nano" |
| 94 |
export EDITOR |
| 95 |
|
| 96 |
if [ -n "${BASH_VERSION}" ] ; then |
| 97 |
# Newer bash ebuilds include /etc/bash/bashrc which will setup PS1 |
| 98 |
# including color. We leave out color here because not all |
| 99 |
# terminals support it. |
| 100 |
if [ -f /etc/bash/bashrc ] ; then |
| 101 |
# Bash login shells run only /etc/profile |
| 102 |
# Bash non-login shells run only /etc/bash/bashrc |
| 103 |
# Since we want to run /etc/bash/bashrc regardless, we source it |
| 104 |
# from here. It is unfortunate that there is no way to do |
| 105 |
# this *after* the user's .bash_profile runs (without putting |
| 106 |
# it in the user's dot-files), but it shouldn't make any |
| 107 |
# difference. |
| 108 |
. /etc/bash/bashrc |
| 109 |
else |
| 110 |
PS1='\u@\h \w \$ ' |
| 111 |
fi |
| 112 |
else |
| 113 |
# Setup a bland default prompt. Since this prompt should be useable |
| 114 |
# on color and non-color terminals, as well as shells that don't |
| 115 |
# understand sequences such as \h, don't put anything special in it. |
| 116 |
PS1="`whoami`@`uname -n | cut -f1 -d.` \$ " |
| 117 |
fi |
| 118 |
|
| 119 |
for sh in /etc/profile.d/*.sh ; do |
| 120 |
if [ -r "$sh" ] ; then |
| 121 |
. "$sh" |
| 122 |
fi |
| 123 |
done |
| 124 |
unset sh |
| 125 |
/*****************************************************/ |
| 126 |
> |
| 127 |
> Syslog usually uses '/var/log/messages' as a collector for everything |
| 128 |
> that is being sent to it, so I'd check that file first. And make sure |
| 129 |
> the timestamps there are recent - it should mean that syslog is writing |
| 130 |
> to it and is not dead. |
| 131 |
I got the login information below from the tail of /var/log/messages: |
| 132 |
/********************************************/ |
| 133 |
Feb 13 15:47:18 Gentoo-F304-Server login[5735]: |
| 134 |
pam_unix(login:session): session opened for user root by LOGIN(uid=0) |
| 135 |
Feb 13 15:47:18 Gentoo-F304-Server login[15097]: ROOT LOGIN on 'tty1' |
| 136 |
Feb 13 15:47:18 Gentoo-F304-Server login[5735]: |
| 137 |
pam_unix(login:session): session closed for user root |
| 138 |
Feb 13 15:48:21 Gentoo-F304-Server login[15099]: |
| 139 |
pam_unix(login:session): session opened for user wcw by LOGIN(uid=0) |
| 140 |
Feb 13 15:48:21 Gentoo-F304-Server login[15099]: |
| 141 |
pam_unix(login:session): session closed for user wcw |
| 142 |
Feb 13 15:50:01 Gentoo-F304-Server cron[15469]: (root) CMD (test -x |
| 143 |
/usr/sbin/run-crons && /usr/sbin/run-crons ) |
| 144 |
Feb 13 15:50:01 Gentoo-F304-Server cron[15477]: (root) CMD (root^Itest |
| 145 |
-x /usr/sbin/run-crons && /usr/sbin/run-crons ) |
| 146 |
Feb 13 15:50:45 Gentoo-F304-Server sshd[15531]: Accepted |
| 147 |
keyboard-interactive/pam for wcw from 192.168.1.7 port 59220 ssh2 |
| 148 |
Feb 13 15:50:45 Gentoo-F304-Server sshd[15534]: |
| 149 |
pam_unix(sshd:session): session opened for user wcw by (uid=0) |
| 150 |
/********************************************/ |
| 151 |
|
| 152 |
The first two logins, which the timestamps are Feb 13 15:48:21 and Feb |
| 153 |
13 15:50:01, is from the terminal. And the last one is from ssh. |
| 154 |
|
| 155 |
> 'dmesg' command is usually a good source for failure messages too, but |
| 156 |
> only on kernel level (when something really nasty happens). There might |
| 157 |
> be some segfaults, produced by your shell, and usually indicate |
| 158 |
> programming or compilation errors. |
| 159 |
> |
| 160 |
> -- |
| 161 |
> Mike Kazantsev // fraggod.net |
| 162 |
> |
| 163 |
> |
| 164 |
Thanks for your patience and help! |
| 165 |
|
| 166 |
|
| 167 |
-- |
| 168 |
wcw |
Archives