ssh/tailssh: fix non-interactive commands as non-root user

Updates #3802 Change-Id: I89a3f14420b8782bc407b1939dce54a1d24636da Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-24 11:08:06 -08:00 · 2022-02-24 11:08:06 -08:00 · cce6aad6c0
parent e2ed06c53c
commit cce6aad6c0
1 changed files with 6 additions and 3 deletions
--- a/ssh/tailssh/tailssh.go
+++ b/ssh/tailssh/tailssh.go
@ -203,16 +203,19 @@ func (srv *server) handleAcceptedSSH(ctx context.Context, s ssh.Session, ci *ssh
 			return
 		}
 		cmd = exec.Command(loginShell(lu.Uid))
+		if rawCmd := s.RawCommand(); rawCmd != "" {
+			cmd.Args = append(cmd.Args, "-c", rawCmd)
+		}
 	} else {
 		if rawCmd := s.RawCommand(); rawCmd != "" {
 			cmd = exec.Command("/usr/bin/env", "su", "-c", rawCmd, localUser)
-			cmd.Dir = lu.HomeDir
-			cmd.Env = append(cmd.Env, envForUser(lu)...)
 			// TODO: and Env for PATH, SSH_CONNECTION, SSH_CLIENT, XDG_SESSION_TYPE, XDG_*, etc
 		} else {
 			cmd = exec.Command("/usr/bin/env", "su", "-", localUser)
 		}
 	}
+	cmd.Dir = lu.HomeDir
+	cmd.Env = append(cmd.Env, envForUser(lu)...)
 	if ptyReq.Term != "" {
 		cmd.Env = append(cmd.Env, fmt.Sprintf("TERM=%s", ptyReq.Term))
 	}
@ -397,7 +400,7 @@ func loginShell(uid string) string {
 		// out is "root:x:0:0:root:/root:/bin/bash"
 		f := strings.SplitN(string(out), ":", 10)
 		if len(f) > 6 {
-			return f[6] // shell
+			return strings.TrimSpace(f[6]) // shell
 		}
 	}
 	if e := os.Getenv("SHELL"); e != "" {