10

I have an LDAP server and a predefined shell (bash) set in it. But there are some machines on which I want a different shell to be used whenever a user logs in to them, instead of the shell stored in LDAP.

How can I do this? Can someone give me some direction on this?

Thank you

2
  • which os/version? Commented Apr 20, 2010 at 6:22
  • OS - Debian Lenny Commented Apr 21, 2010 at 9:34

3 Answers

11

In /etc/ldap.conf add the following line:

nss_override_attribute_value loginShell <different_shell> 

Best of luck,
João Miguel Neves

2
  • 1
    Just a note that for this to work for me, I had to restart nscd after the change (/etc/init.d/nscd restart) Commented Dec 21, 2013 at 2:47
  • /etc/ldap.conf is libnss' configuration file. On debianish systems, it is /etc/libnss-ldap.conf. man nss_ldap on your system should give the exact name. I also had to run nscd -i passwd to flush nscd cache. Commented Sep 23, 2019 at 2:42
3

Shared home directories? If not, put into the user's ~/.bash_profile (or whatever is the proper file, check INVOCATION in man bash):

exec /bin/tcsh 

Or whatever shell you wish to replace bash with.

If they log in using ssh, then you could use keypairs and forced commands.

Please note, depending where you place the exec for another shell, commands like scp may not function properly if you do not check for an interactive shell, like in the /etc/skel/.bashrc on Ubuntu.

Your best bet is to kindly ask your LDAP admin to change the loginShell for your LDAP user.

3
  • Users will log in through ssh. Can you please elaborate a bit more on the use of the keypairs and forced commands option? Can you please give me some pointers? Thank you. Commented Apr 21, 2010 at 9:36
  • SSH keypairs: <sial.org/howto/openssh/publickey-auth> Information about forced commands can be found on the man pages sshd(8) and sshd_config(5) Commented Apr 21, 2010 at 12:32
  • I couldn't find an option that automatically does it for all users. It should be something related to ldap as well, because here sshd will read the default shell from ldap. And I want to override that. Commented Apr 24, 2010 at 15:41
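
The interactive-shell check that the answer above warns about, written out as an added example (not part of the original answer or its comments): a guarded form of the `exec` line for ~/.bash_profile or ~/.bashrc. The host names in OVERRIDE_HOSTS, the function name want_alt_shell and the /bin/tcsh path are assumptions chosen for illustration.

```shell
# Guarded shell override for ~/.bash_profile or ~/.bashrc (POSIX sh syntax, also valid in bash).
# OVERRIDE_HOSTS and ALT_SHELL are constructed sample values; adjust them for your site.
OVERRIDE_HOSTS="build01 build02"
ALT_SHELL="/bin/tcsh"

# want_alt_shell HOST SHELL_FLAGS ALT_SHELL_PATH
# Prints the shell to exec and returns 0 only when every guard passes.
want_alt_shell() {
    # 1. Interactive shells only: scp, sftp, rsync and "ssh host cmd" start a
    #    non-interactive shell, and replacing it would break the transfer.
    case $2 in
        *i*) ;;
        *) return 1 ;;
    esac
    # 2. Only on the hosts listed for the override.
    case " $OVERRIDE_HOSTS " in
        *" $1 "*) ;;
        *) return 1 ;;
    esac
    # 3. Never exec a missing or non-executable binary: the exec would fail
    #    and the user could be locked out of the host.
    [ -x "$3" ] || return 1
    printf '%s\n' "$3"
}

# Short host name without the domain part; $- holds the current shell's option flags.
this_host=$(uname -n)
this_host=${this_host%%.*}

if target=$(want_alt_shell "$this_host" "$-" "$ALT_SHELL"); then
    SHELL=$target
    export SHELL
    exec "$target"
fi
unset this_host
```

Because the decision is made per host inside the file, the same snippet can sit in a shared home directory without affecting machines that are not listed.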
3

Thirteen years later ... for anyone finding this post while looking for a way to locally override the shell for a specific LDAP user on a specific host, there's a way you can do it by writing the override to the SSSD cache.

For example, something like

sudo sss_override user-add myuser -s /sbin/nologin 

will set the shell locally for myuser to /sbin/nologin (preventing normal logins on that system). Use user-del to remove the override.

Typically you'll need to restart the daemon after making these changes.

sudo systemctl restart sssd 

You'll probably need to install a package to use sss_override, e.g. sssd-tools on RHEL.

1
  • I've found plenty of "solutions" to this problem, but this is certainly the most elegant. Commented Apr 4, 2024 at 7:48
