Re: Changing a user's shell on CentOS Directory Server?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Mon, Jun 1, 2009 at 2:45 AM, Michael A. Peters <mpeters@xxxxxxx> wrote:
> Bill Campbell wrote:
>> Personally I would not permit uses to change their shells, but
>> require appropriate admin privileges.  I have seen systems hacks
>> made via webmin or usermin where the user's shell was changed
>> from /bin/false to /bin/bash, then the account used to install
>> user-level bots that definately should not have been there.
>
> Any tool that changes the shell should have a whitelist of shells the
> user account must currently be set to or it exits, and probably should
> validate the new shell is in that white list as well before it changes it.


I should have been more precise in my original post.  After a second
read, I see that it sounds like I was asking for policy advice.
Actually, what I meant to ask was is it expected behavior that "lchsh"
fails for LDAP users?  If so, what are my choices for allowing users
to change their shells?  I can open up the permissions on
/etc/default/useradd, but maybe there's a better way.  I need this
capability.

"chsh" works for local users, so it's not that CentOS takes a stand
against users changing their shells.

Matt
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux