Hi,
I'm trying to change the default shell for a group of users on an Ubuntu 12.04 server. The server uses LDAP to create and authenticate users, so these people aren't in /etc/passwd, which leads to:
root@tgit001:/home# chsh -s /usr/bin/git-shell user1
chsh: user 'user1' does not exist in /etc/passwd
root@tgit001:/home# usermod -s /usr/bin/git-shell user1
usermod: user 'user1' does not exist in /etc/passwd
I've tried changing the default shell by overriding the LDAP attribute for the login shell in /etc/ldap.conf:
nss_override_attribute_value loginShell /usr/bin/git-shell
I then restarted nscd (don't ask me why I was following someone else's post). Thought that would change the shell system-wide for LDAP accounts but nothing changed.
Then I tried adding peeps to /etc/passwd manually with a script I wrote:
Code:
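#!/bin/bash
# Give every member of the LDAP group (except the two bosses) git-shell as login shell.
for i in $(ldapsearch -xLLL cn=groupNeedingDiffShells | grep memberUid | cut -d ' ' -f 2); do
    if [[ "$i" != "boss1" ]] && [[ "$i" != "boss2" ]]; then
        echo "Provisioning git-shell environment for $i..."
        # Anchor the match so only the username field is compared
        if grep --quiet "^$i:" /etc/passwd; then
            echo "$i is already in /etc/passwd"
        else
            # Copy the LDAP-provided passwd entry into the local file
            getent passwd "$i" >> /etc/passwd
        fi
        /usr/sbin/usermod -s /usr/bin/git-shell "$i"
        # Install the per-user git-shell-commands directory if it is missing
        if [ ! -d "/home/$i/git-shell-commands" ]; then
            /bin/cp -R /usr/bin/git-shell-commands "/home/$i/"
            /bin/chown -R "$i:$i" "/home/$i/git-shell-commands"
            /bin/chmod -R 755 "/home/$i/git-shell-commands"
        fi
    fi
done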
The above script works, but my boss shot this down since he doesn't want me adding entries manually to /etc/passwd. So I guess my questions are:
1. Is adding entries to /etc/passwd manually advisable in this scenario? What are some potential problems that may arise?
2. I don't want to change the loginShell attribute in LDAP for those users since we have a bunch more instances where a bash shell is needed. Is there some way to set a system-wide default shell? Or another command to change a user's shell that will work for LDAP users?
Thanks