Simplify the meaning of %s

The rules governing %s where just too complicated. First of all, looking at $SHELL is dangerous. For systemd --system, it usually wouldn't be set. But it could be set if the admin first started a debug shell, let's say /sbin/sash, and then launched systemd from it. This shouldn't influence how daemons are started later on, so is better ignored. Similar reasoning holds for session mode. Some shells set $SHELL, while other set it only when it wasn't set previously (e.g. zsh). This results in fragility that is better avoided by ignoring $SHELL totally. With $SHELL out of the way, simplify things by saying that %s==/bin/sh for root, and the configured shell otherwise. get_shell() is the only caller, so it can be inlined. Fixes one issue seen with 'make check'.
2013-03-26 19:37:14 -04:00 · 2013-03-26 19:37:14 -04:00 · 3baed19327
parent a63a5c4687
commit 3baed19327
5 changed files with 32 additions and 64 deletions
--- a/man/systemd.unit.xml.in
+++ b/man/systemd.unit.xml.in
@ -1270,7 +1270,14 @@
                      <row>
                        <entry><literal>%s</literal></entry>
                        <entry>User shell</entry>
-                        <entry>This is the shell of the configured user of the unit, or (if none is set) the user running the systemd instance.</entry>
+                        <entry>This is the shell of the configured
+                        user of the unit, or (if none is set) the user
+                        running the systemd instance.  If the user is
+                        <literal>root</literal> (UID equal to 0), the
+                        shell configured in account database is
+                        ignored and <filename>/bin/sh</filename> is
+                        always used.
+                        </entry>
                      </row>
                      <row>
                        <entry><literal>%m</literal></entry>
--- a/src/core/unit-printf.c
+++ b/src/core/unit-printf.c
@ -190,28 +190,37 @@ static char *specifier_user_shell(char specifier, void *data, void *userdata) {
        ExecContext *c;
        int r;
        const char *username, *shell;
+        char *ret;

        assert(u);

        c = unit_get_exec_context(u);

-        /* return HOME if set, otherwise from passwd */
-        if (!c || !c->user) {
-                char *sh;
+        if (c && c->user)
+                username = c->user;
+        else
+                username = "root";

-                r = get_shell(&sh);
-                if (r < 0)
-                        return strdup("/bin/sh");
-
-                return sh;
+        /* return /bin/sh for root, otherwise the value from passwd */
+        r = get_user_creds(&username, NULL, NULL, NULL, &shell);
+        if (r < 0) {
+                log_warning_unit(u->id,
+                                 "Failed to determine shell: %s",
+                                 strerror(-r));
+                return NULL;
        }

-        username = c->user;
-        r = get_user_creds(&username, NULL, NULL, NULL, &shell);
-        if (r < 0)
-                return strdup("/bin/sh");
+        if (!path_is_absolute(shell)) {
+                log_warning_unit(u->id,
+                                 "Shell %s is not absolute, ignoring.",
+                                 shell);
+        }

-        return strdup(shell);
+        ret = strdup(shell);
+        if (!ret)
+                log_oom();
+
+        return ret;
 }

 char *unit_name_printf(Unit *u, const char* format) {
--- a/src/shared/util.c
+++ b/src/shared/util.c
@ -5246,53 +5246,6 @@ int get_home_dir(char **_h) {
        return 0;
 }

-int get_shell(char **_sh) {
-        char *sh;
-        const char *e;
-        uid_t u;
-        struct passwd *p;
-
-        assert(_sh);
-
-        /* Take the user specified one */
-        e = getenv("SHELL");
-        if (e) {
-                sh = strdup(e);
-                if (!sh)
-                        return -ENOMEM;
-
-                *_sh = sh;
-                return 0;
-        }
-
-        /* Hardcode home directory for root to avoid NSS */
-        u = getuid();
-        if (u == 0) {
-                sh = strdup("/bin/sh");
-                if (!sh)
-                        return -ENOMEM;
-
-                *_sh = sh;
-                return 0;
-        }
-
-        /* Check the database... */
-        errno = 0;
-        p = getpwuid(u);
-        if (!p)
-                return errno ? -errno : -ESRCH;
-
-        if (!path_is_absolute(p->pw_shell))
-                return -EINVAL;
-
-        sh = strdup(p->pw_shell);
-        if (!sh)
-                return -ENOMEM;
-
-        *_sh = sh;
-        return 0;
-}
-
 void fclosep(FILE **f) {
        if (*f)
                fclose(*f);
--- a/src/shared/util.h
+++ b/src/shared/util.h
@ -519,7 +519,6 @@ bool in_initrd(void);

 void warn_melody(void);

-int get_shell(char **ret);
 int get_home_dir(char **ret);

 static inline void freep(void *p) {
--- a/src/test/test-unit-name.c
+++ b/src/test/test-unit-name.c
@ -164,7 +164,7 @@ static void test_unit_printf(void) {
        expect(u, "%u", root->pw_name);
        expect(u, "%U", root_uid);
        expect(u, "%h", root->pw_dir);
-        expect(u, "%s", root->pw_shell);
+        expect(u, "%s", "/bin/sh");
        expect(u, "%m", mid);
        expect(u, "%b", bid);
        expect(u, "%H", host);
@ -184,7 +184,7 @@ static void test_unit_printf(void) {
        expect(u2, "%u", root->pw_name);
        expect(u2, "%U", root_uid);
        expect(u2, "%h", root->pw_dir);
-        expect(u2, "%s", root->pw_shell);
+        expect(u2, "%s", "/bin/sh");
        expect(u2, "%m", mid);
        expect(u2, "%b", bid);
        expect(u2, "%H", host);