Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • aports aports
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Graph
    • Compare
  • Issues 657
    • Issues 657
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 337
    • Merge requests 337
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Releases
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • alpinealpine
  • aportsaports
  • Issues
  • #13017
Closed
Open
Issue created Sep 16, 2021 by Eric Shieh@ericshieh

main/alpine-baselayout: profile $PATH has the wrong path order with SSH

Currently /etc/profile checks for duplicate paths, however, when used with SSH, this will lead to incorrect PATH order after SSH login.

$ grep PATH /etc/ssh/sshd_config
# This sshd was compiled with PATH=/bin:/usr/bin:/sbin:/usr/sbin

# login from console
$ printenv PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

# login from SSH
$ printenv PATH
/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin

Since SSH already comes with PATH /bin:/usr/bin:/sbin:/usr/sbin, after logging in and excluding duplicates, it becomes /bin:/usr/bin:/sbin:/usr/sbin + :/usr/local/sbin:/usr/local/bin.

Steps to reproduce (with docker):

start-sshd.sh

#!/bin/sh
set -e
apk --no-cache --update \
    --repository https://dl-cdn.alpinelinux.org/alpine/v3.14/main \
    add openssh-server
rm -rf /var/lib/apk/*

passwd -d -u root

ssh-keygen -t ed25519 -P "" -f /etc/ssh/ssh_host_ed25519_key
sed -i \
    -e 's/#\(PermitRootLogin\).*/\1 yes/g' \
    -e 's/#\(PasswordAuthentication\).*/\1 yes/g' \
    -e 's/#\(PermitEmptyPasswords\).*/\1 yes/g' \
    /etc/ssh/sshd_config

exec /usr/sbin/sshd -D
# 1. Run the SSH server
CONTAINER_ID=$(docker run -d --rm -v $PWD/start-sshd.sh:/start-sshd.sh:ro --init alpine:3.14 /bin/sh /start-sshd.sh)
CONTAINER_IP=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$CONTAINER_ID" | head -n1)

# 2. Check $PATH with docker exec
$ docker exec "$CONTAINER_ID" printenv PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

# 3. Check $PATH after SSH login
$ ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null "root@$CONTAINER_IP"
$ printenv PATH
/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin

# 4. Stop and remove container
$ docker stop "$CONTAINER_ID"

related:

  • Issue #12803 (closed)
  • MR !22657 (closed)
  • Commit 6104bf46
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking