From 305e4c40c70bc3963f71eef82edbb3741438f8df Mon Sep 17 00:00:00 2001
From: Lance Edgar <lance@edbob.org>
Date: Tue, 7 May 2024 14:13:11 -0500
Subject: [PATCH] Fix shell when creating new linux user account

---
 CHANGES.rst             |  6 ++++++
 rattail_fabric2/core.py | 30 +++++++++++++++++-------------
 2 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 4cff822..996bee3 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -2,6 +2,12 @@
 CHANGELOG
 =========
 
+Unreleased
+----------
+
+* Fix shell when creating new linux user account.
+
+
 0.3.3 (2023-09-25)
 ------------------
 
diff --git a/rattail_fabric2/core.py b/rattail_fabric2/core.py
index b50f1cc..43ad684 100644
--- a/rattail_fabric2/core.py
+++ b/rattail_fabric2/core.py
@@ -129,25 +129,29 @@ def mkdir(c, paths, owner=None, mode=None,
 
 
 def make_normal_user(c, username, full_name=None,
-                     disabled_login=True,
-                     password=None):
+                     shell='/bin/bash',
+                     password=None,
+                     disabled_login=False):
     """
     Make a new "normal" user account.
 
-    :param disabled_login: If true (the default), add the
-       ``--disabled-login`` flag to the ``adduser`` command.  The
-       reason this is the default, is to avoid being prompted for a
-       password to give the new account.
+    :param disabled_login: If true, will leave the account in a
+       non-usable state, i.e. with invalid shell.
     """
-    if not c.run('getent passwd {}'.format(username), warn=True).failed:
+    # do not bother if user exists
+    missing = c.run(f'getent passwd {username}', warn=True).failed
+    if not missing:
         return
 
-    if password:
-        disabled_login = True
-    disabled_login = '--disabled-login' if disabled_login else ''
-    c.sudo("adduser --gecos '{}' {} {}".format(full_name or username,
-                                               disabled_login,
-                                               username))
+    # nb. specify --disabled-login to avoid being prompted for password
+    c.sudo("adduser --gecos '{}' --disabled-login {}".format(full_name or username,
+                                                             username))
+
+    # then fix the shell unless we shouldn't
+    if not disabled_login:
+        c.sudo(f'usermod -s {shell} {username}')
+
+    # and maybe set password
     if password:
         c.sudo(f"bash -c 'echo {username}:{password} | chpasswd'",
                echo=False)