Skip to content

Fix no_invalid_shell_accounts_unlocked for unlocked user in last line of /etc/passwd#14751

Open
guyy-claroty wants to merge 1 commit into
ComplianceAsCode:masterfrom
guyy-claroty:fix-no_invalid_shell_accounts_unlocked-last-line
Open

Fix no_invalid_shell_accounts_unlocked for unlocked user in last line of /etc/passwd#14751
guyy-claroty wants to merge 1 commit into
ComplianceAsCode:masterfrom
guyy-claroty:fix-no_invalid_shell_accounts_unlocked-last-line

Conversation

@guyy-claroty
Copy link
Copy Markdown

@guyy-claroty guyy-claroty commented Jun 1, 2026

When the last line in /etc/passwd is an unlocked user with a valid shell, the shell path was parsed as '/path/to/shell\n' instead of just '/path/to/shell' and the comparison to valid shells list failed.

Fixes: #13657

Description:

  • Description here. Replace this text. Don't use the italics format!

Rationale:

  • Rationale here. Replace this text. Don't use the italics format!

  • Fixes # Issue number here (e.g. Updating sysctl XCCDF naming #26) or remove this line if no issue exists.

Review Hints:

  • Review hints here. Replace this text. Don't use the italics format!

  • Use this optional section to give any relevant information which could help the reviewer to more quickly and assertively understand and test the changes.

  • Good examples are useful commands, if it is better to review all commits together or in a suggested sequence, any relevant discussion in other PRs or issues, etc.

@guyy-claroty
Fix no_invalid_shell_accounts_unlocked for unlocked user in last line…
c60bb9b 
… of /etc/passwd

When the last line in /etc/passwd is an unlocked user with a valid shell,
the shell path was parsed as '/path/to/shell\n' instead of just
'/path/to/shell' and the comparison to valid shells list failed.

Fixes: ComplianceAsCode#13657
@openshift-ci openshift-ci Bot added the needs-ok-to-test Used by openshift-ci bot. label Jun 1, 2026
@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented Jun 1, 2026

Hi @guyy-claroty. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matusmarhefka matusmarhefka Awaiting requested review from matusmarhefka matusmarhefka is a code owner

@Mab879 Mab879 Awaiting requested review from Mab879 Mab879 is a code owner

@vojtapolasek vojtapolasek Awaiting requested review from vojtapolasek vojtapolasek is a code owner

@jan-cerny jan-cerny Awaiting requested review from jan-cerny jan-cerny is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

needs-ok-to-test Used by openshift-ci bot.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Rule no_invalid_shell_accounts_unlocked is failing due to regular user

1 participant

@guyy-claroty