https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/138923#M21167 <P>Yes and another rest of the firewallls are good so no issue from permission point of view but something wrong with specific affected node. still trying to figure out what is the cause of this.</P> Wed, 19 Jan 2022 17:11:10 GMT -K- 2022-01-19T17:11:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/137113#M20748 <P>Hi</P><P>Does anybody have an idea when radius user is doing ssh to the gateway it lends to bash-4.4 shell instead of expert mode as we have&nbsp;set aaa radius-servers default-shell /bin/bash &amp;&nbsp;add rba role radius-group-any domain-type System all-features.</P><P>Local user lands properly to /bin/bash or expert mode but the issue is only with radius user.</P><P>Gateway is running on R80.40 - T120, tried all possible</P><P>any clue how this issue to be fixed ?</P><P>Please suggest, thanks.</P> Thu, 23 Dec 2021 15:52:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/137113#M20748 -K- 2021-12-23T15:52:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/137122#M20749 <P>I suspect there may be some confusion. Bash&nbsp;<STRONG><EM>is</EM></STRONG> expert mode.</P> Thu, 23 Dec 2021 18:39:50 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/137122#M20749 Bob_Zimmerman 2021-12-23T18:39:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/137141#M20755 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/27871">@Bob_Zimmerman</a>&nbsp;is absolutely right, bash IS expert mode. So say you have user called "radiususer", below are 2 most common commands to change the shell (though there are 7 of them I believe).</P> <P>To keep default mode (so they have to go to expert themselves), you would execute below, or keep it as default:</P> <P>chsh -s /etc/cli.sh radiususer</P> <P>To get them to expert mode when they log in:</P> <P>chsh -s /bin/bash radiususer</P> <P>For embedded gaia, its bashUser on and bashUser off</P> <P>Andy</P> Fri, 24 Dec 2021 04:15:48 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/137141#M20755 the_rock 2021-12-24T04:15:48Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/138090#M20937 <P>Tried this but it seems this works with only local users and not with user as radiususer.</P><P><STRONG>chsh: can only change local entries.</STRONG></P> Tue, 11 Jan 2022 12:53:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/138090#M20937 -K- 2022-01-11T12:53:01Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/138092#M20939 <P>yes /bin/bash is expert mode, when user logs in using radius account it goes into bash4.4 which is kernal should go to expert mode.</P><P>When user logs in using local user it works perfectly fine going to /bin/bash expert mode.</P> Tue, 11 Jan 2022 12:47:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/138092#M20939 -K- 2022-01-11T12:47:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/138165#M20969 <P>As of GAiA 3.10, the version of bash included is 4.4.19. Expert mode is bash, and bash is expert mode.</P> <P>What is the difference you are seeing?</P> Tue, 11 Jan 2022 20:13:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/138165#M20969 Bob_Zimmerman 2022-01-11T20:13:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/138247#M20978 <P>not all commands working from bash4.4 and post going to clish respective commands works.</P><P>But when I use local user credentials - its going directly to expert mode which is (/bin/bash) expected but not the same case for Radius users.</P> Wed, 12 Jan 2022 11:54:04 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/138247#M20978 -K- 2022-01-12T11:54:04Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/138300#M20982 <LI-CODE lang="markup">[Expert@DallasSA]# echo $SHELL /bin/bash [Expert@DallasSA]# $SHELL --version GNU bash, version 4.4.19(1)-release (x86_64-redhat-linux-gnu) Copyright (C) 2016 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later &lt;http://gnu.org/licenses/gpl.html&gt; This is free software; you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. [Expert@DallasSA]# fwm ver This is Check Point Security Management Server R81 - Build 009 [Expert@DallasSA]# </LI-CODE> <P>Again, bash 4.4&nbsp;<EM>is expert mode</EM>. What exactly are you calling "bash4.4"? Is the prompt different, or something?</P> Wed, 12 Jan 2022 17:00:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/138300#M20982 Bob_Zimmerman 2022-01-12T17:00:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/138782#M21103 <P>I think I figured out what you mean! If the /etc/bashrc doesn't run, you wind up with a prompt like this:</P> <LI-CODE lang="markup">This system is for authorized use only. Last login: Tue Jan 18 19:48:04 2022 from &lt;address&gt; -bash-4.4# </LI-CODE> <P>That just means you weren't able to run the bashrc, which is where the prompt is changed.&nbsp;<EM>That</EM> is very weird, though, because /etc is world-readable and world-traversable, and /etc/bashrc is world-readable. If this is the prompt you see when you log in, I suspect something is&nbsp;<EM><STRONG>seriously</STRONG></EM> wrong with the permissions on your system.</P> Tue, 18 Jan 2022 19:51:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/138782#M21103 Bob_Zimmerman 2022-01-18T19:51:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/138923#M21167 <P>Yes and another rest of the firewallls are good so no issue from permission point of view but something wrong with specific affected node. still trying to figure out what is the cause of this.</P> Wed, 19 Jan 2022 17:11:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/138923#M21167 -K- 2022-01-19T17:11:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/138939#M21170 <P>That's probably login shell vs non-login shell, rather than a filesystem permission issue.</P> Wed, 19 Jan 2022 21:08:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-gateway-login-with-bash-4-4-shell/m-p/138939#M21170 nmelay 2022-01-19T21:08:11Z