>Apparently the definition of login shell vs. interactive shell changed >somewhere in the lineage of SUNWssh. A Solaris 9 box running >113273-10 processed $HOME/.profile even when scp was being run. A >Solaris 9 box running 113273-11 never processes $HOME/.profile unless >an interactive session is used. The following CR seems to be >related...
I'm surprised it ran ~/.profile before. I'm certain it did not run *csh .login; a non-interactive shell never does that. >6176256 S9 ssh backporting project > >> AFAIK the question is now how "ssh" is expected to behave: Should a ssh >> session run a plain login shell in interactive mode or just a >> (non-login) interactive shell ? > >The way it behaves now makes it impossible to force a per-user PATH, >such as you may want to do in restricted shell environments. For >example, if I had previously created /rbin with symlinks to the >commands that a person is allowed to use and had an unmodifiable >.profile in place, escaping from the restricted shell is non-trivial >for the typical user. With the way that it works now, it is trivial >to run any command that is in the default (for all users) PATH and >bypass a restricted bin directory that was previously imposed. I can only imagine that something else changed instead. But the restricted shell is an interesting parameter in this; was that perhaps also changed? Casper
