From 529d2cea7f003c01924f78ff55f95411314b6fe4 Mon Sep 17 00:00:00 2001
From: Alexander Babai <aliaksandr.babai@gmail.com>
Date: Thu, 13 Sep 2018 23:26:00 +0300
Subject: [PATCH] fix(init.d/ssh-audit): check if /etc/passwd is writable (#28)

---
 rootfs/etc/init.d/ssh-audit | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rootfs/etc/init.d/ssh-audit b/rootfs/etc/init.d/ssh-audit
index 7358e6d..fb0b458 100755
--- a/rootfs/etc/init.d/ssh-audit
+++ b/rootfs/etc/init.d/ssh-audit
@@ -10,7 +10,7 @@ if [ "${SSH_AUDIT_ENABLED}" == "true" ]; then
 	echo "# valid login shells" > /etc/shells
 	echo "/usr/bin/sudosh" >> /etc/shells
 	echo "session requisite pam_exec.so quiet /usr/bin/sudosh-add-user" > /etc/pam.d/sudosh
-	chsh -s /usr/bin/sudosh root
+	[ -w /etc/passwd ] && chsh -s /usr/bin/sudosh root
 else
 	echo "- Disabling SSH Audit Logs"
 	:>/etc/pam.d/sudosh