From 1af0deb087b1d6b1109a838871933da97cb38474 Mon Sep 17 00:00:00 2001
From: Michael Schmitt <michael.schmitt@binance.com>
Date: Thu, 5 Aug 2021 23:58:26 -0600
Subject: [PATCH] fix(defaults): use nologin instead of /bin/false

---
 prometheus/config/users.sls | 2 +-
 prometheus/defaults.yaml    | 2 ++
 prometheus/osfamilymap.yaml | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/prometheus/config/users.sls b/prometheus/config/users.sls
index 5a61317..1e9efb2 100644
--- a/prometheus/config/users.sls
+++ b/prometheus/config/users.sls
@@ -18,7 +18,7 @@ prometheus-config-users-install-{{ name }}-user-present:
     - groups:
       - {{ name }}
               {%- if grains.os != 'Windows' %}
-    - shell: /bin/false
+    - shell: {{ p.shell }}
                   {%- if grains.kernel|lower == 'linux' %}
     - createhome: false
                   {%- elif grains.os_family == 'MacOS' %}
diff --git a/prometheus/defaults.yaml b/prometheus/defaults.yaml
index e938222..1f2a70a 100644
--- a/prometheus/defaults.yaml
+++ b/prometheus/defaults.yaml
@@ -310,6 +310,8 @@ prometheus:
     rootuser: root
     rootgroup: root
 
+  shell: /usr/sbin/nologin
+
   retry_option:
     # https://docs.saltstack.com/en/latest/ref/states/requisites.html#retrying-states
     attempts: 3
diff --git a/prometheus/osfamilymap.yaml b/prometheus/osfamilymap.yaml
index 021b20c..035331c 100644
--- a/prometheus/osfamilymap.yaml
+++ b/prometheus/osfamilymap.yaml
@@ -406,6 +406,7 @@ Windows:
 
 MacOS:
   div: '/'
+  shell: /sbin/nologin
   dir:
     default: /etc/defaults
   identity: