fix(init.d/ssh-audit): check if /etc/passwd is writable (#28)

cloudposse · Sep 13, 2018 · 529d2ce · 529d2ce
1 parent 4d056ea
commit 529d2ce
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/rootfs/etc/init.d/ssh-audit b/rootfs/etc/init.d/ssh-audit
@@ -10,7 +10,7 @@ if [ "${SSH_AUDIT_ENABLED}" == "true" ]; then
 	echo "# valid login shells" > /etc/shells
 	echo "/usr/bin/sudosh" >> /etc/shells
 	echo "session requisite pam_exec.so quiet /usr/bin/sudosh-add-user" > /etc/pam.d/sudosh
-	chsh -s /usr/bin/sudosh root
+	[ -w /etc/passwd ] && chsh -s /usr/bin/sudosh root
 else
 	echo "- Disabling SSH Audit Logs"
 	:>/etc/pam.d/sudosh