Originally Posted by Head_on_a_Stick
It parses the $SHELL variable.
This is stored in /etc/passwd
Actualy the SHELL variable is in the parent process. The initial value does come from /etc/passwd (or LDAP/NIS/... whatever you use for network authorization) on login.
You can change the shell used by either changing the environment variable, or by specifying the shell on the command line.
From the man page on xterm:
One parameter (after all options) may be given. That overrides xterm's
built-in choice of shell program:
· If the parameter is not a relative path, i.e., beginning with “./”
or “../”, xterm looks for the file in the user's PATH. In either
case, this check fails if xterm cannot construct an absolute path.
· If that check fails (or if no such parameter is given), xterm next
checks the “SHELL” variable. If that specifies an executable file,
xterm will attempt to start that. However, xterm additionally
checks if it is a valid shell, and will unset “SHELL” if it is not.
· If “SHELL” is not set to an executable file, xterm tries to use the
shell program specified in the user's password file entry. As
before, xterm verifies if this is a valid shell.
· Finally, if the password file entry does not specify a valid shell,
xterm uses /bin/sh.