SSH logins to the Phi coprocessor fail if user's shell is not bash or sh

SSH logins to the Phi coprocessor fail if user's shell is not bash or sh

Hello all,

I'm just pointing this out because it is not documented somewhere (I think). Because the host's /etc/passwd lines are copied "as is" to the coprocessor, there is a chance that ssh logins will fail due to a non-existent shell. Specifically, the coprocessor OS image only contains sh, bash and ash. If you are using anything else logins will fail silently. This is a bug. Should I report it somewhere properly?

Cheers!

10 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

I hadn't realized that the shell wasn't changing to sh when the coprocessor passwd file is created. If you have access to https://premier.intel.com you can submit an issue. Submitting it yourself will mean that you get updates when the issue is addressed. If you cannot access https://premier.intel.com, I can submit an issue for you.

As far as dealing with the issue for now, I can think of two possible workarounds:

1) Edit /var/mpss/mic*/etc/passwd for each coprocessor card, changing the unsupported shells to bash.

2) In /var/mpss/common.filelist, add the lines:

dir /bin 755 0 0
slink /bin/myshellname  /bin/ssh 0755 0 0

引文:

Frances Roth (Intel) 写道:

I hadn't realized that the shell wasn't changing to sh when the coprocessor passwd file is created. If you have access to https://premier.intel.com you can submit an issue. Submitting it yourself will mean that you get updates when the issue is addressed. If you cannot access https://premier.intel.com, I can submit an issue for you.

It seems I do not have access there, so could you please do this?

引文:

Frances Roth (Intel) 写道:

As far as dealing with the issue for now, I can think of two possible workarounds:

1) Edit /var/mpss/mic*/etc/passwd for each coprocessor card, changing the unsupported shells to bash.

2) In /var/mpss/common.filelist, add the lines:

dir /bin 755 0 0
slink /bin/myshellname  /bin/ssh 0755 0 0

You mean slink to /bin/sh and not /bin/ssh I suppose, right?

Also, what triggers the update of /var/mpss/mic*/passwd files, and when are those copied to the Phi OS? Does it happen at service start time or this is done using micctrl?

Looking back, I see I still owe you an update. I put in a request asking that the developers consider adding a flag to the micctrl options used to update the passwd file, so that you can choose to keep the shells used in the host passwd file or change them all to something consistent like bash. That way, people who prefer to add additional shells to the coprocessor rather than limit the login shells used in the passwd file will be able to do so. But those who want it to just plain work without needing to add new shells or hand edit the passwd file will have that option. Hopefully that will help.

And yes, you are right, I meant /bin/sh, not /bin/ssh. For all the wonderful spell checkers we have, it still can't catch it when I make silly errors like that.

As far as what triggers updates to the /var/mpss/mic0/etc/passwd files, several micctrl options can do that, such as --initdefaults, --resetconfig, --resetdefaults, --cleanconfig, --userupdate, --useradd and --userdel. The --useradd and --userdel options should only affect the one user you are trying to change. Of the others, all except --cleanconfig, have additional options to say if you want the passwd file to be stripped to the bare bones, updated with all the changes to the host's passwd file, updated only with new users who have been added to the host's passwd file, or left untouched. The --cleanconfig option is kind of a hard reset of the coprocessor configuration, so, of course it just goes in and removes the file. 

At coprocessor boot time, the contents of /var/mpss/mic0/ are packaged up with the base files, common files and overlay files and put into the compressed file, mic0.image.gz, which gets copied to the coprocessor. 

It might be nice if some of the more common "alternative" shells (tcsh?) got added to the base MPSS distribution.  I tried building a version of tcsh but the source distribution is not cross-compile friendly. :^(

Craig, just noted your request. Have you installed the latest version of the MPSS (3.2.3)? tcsh is now included. Not every popular shell but at least tcsh.

As far as dealing with the general issue, I am waiting to hear when there will be a solution released to avoid blindly include unsupported shells in the passwd file.

3.2.3 is on my to do list, but these (*csh) baby ducks thank you. ;^)
 

Craig,

My apologies. I got it wrong. tcsh is not in 3.2.3. I'm afraid all those (*csh) baby ducks will need to wait a little longer.

Hi, Frances.

Any idea on when tcsh or csh will be included?

Thanks!  --Bracy

P.S. Please send me an E-mail.

Hi,

I also wonder when tcsh will be included. It would be nice. It does not seem to be in the 3-4 version neither in the basic or in the cars side files.

Thank you. :)

Jonathan

Leave a Comment

Please sign in to add a comment. Not a member? Join today