Fix salt user login shell path in Debian packages

changelog/64377.fixed.md

@@ -0,0 +1 @@
+Fix salt user login shell path in Debian packages

pkg/debian/salt-common.preinst

@@ -4,6 +4,7 @@ case "$1" in
     [ -z "$SALT_USER" ] && SALT_USER=salt
     [ -z "$SALT_NAME" ] && SALT_NAME="Salt"
     [ -z "$SALT_GROUP" ] && SALT_GROUP=salt
+    [ -z "$SALT_SHELL" ] && SALT_SHELL=/usr/sbin/nologin
 
     # create user to avoid running server as root
     # 1. create group if not existing
@@ -19,7 +20,7 @@ case "$1" in
       echo -n "Adding system user $SALT_USER.."
       useradd --system \
               --no-create-home \
-              -s /sbin/nologin \
+              -s $SALT_SHELL \
               -g $SALT_GROUP \
               $SALT_USER 2>/dev/null || true
       echo "..done"
@@ -27,6 +28,7 @@ case "$1" in
     # 4. adjust passwd entry
     usermod -c "$SALT_NAME" \
             -d $SALT_HOME   \
+            -s $SALT_SHELL  \
             -g $SALT_GROUP  \
              $SALT_USER
     # 5. adjust file and directory permissions

pkg/tests/integration/test_salt_user.py

@@ -57,6 +57,24 @@ def test_salt_user_group(install_salt):
     assert in_group is True
 
 
+def test_salt_user_shell(install_salt):
+    """
+    Test the salt user's login shell
+    """
+    proc = subprocess.run(
+        ["getent", "passwd", "salt"], check=False, capture_output=True
+    )
+    assert proc.returncode == 0
+    shell = ""
+    shell_exists = False
+    try:
+        shell = proc.stdout.decode().split(":")[6].strip()
+        shell_exists = pathlib.Path(shell).exists()
+    except:
+        pass
+    assert shell_exists is True
+
+
 def test_salt_cloud_dirs(install_salt):
     """
     Test the correct user is running the Salt Master