Re: change session's login shell


On Jul 25, 2011, at 5:04 PM, Frank Van Damme wrote:

> 2011/7/25 Jason Clifford <jason@xxxxxxxxxx>:
>> On Mon, Jul 25, 2011 at 2:11 PM, Frank Van Damme <frank.vandamme@xxxxxxxxx>
>> wrote:
>>> I'd like to change a user's shell based on group membership. The group
>>> membership is no problem - that's what pam_listfile is for. Changing
>>> the shell, however, seems non-obvious. I've looked at the source code
>>> of pam_unix and it provides the path to the users login shell
>>> according to /etc/passwd, so it should be possible for a pam module to
>>> set the shell to an arbitrary value, right?
>> No because it's the ssh daemon or the login process that sets the shell.
> So they each use their own methods like grepping /etc/passwd, doing
> ldap lookups, or whatever it takes to come up with a shell - like
> "nothing" in the case of obscure authentication methods that the
> application happens to know nothing about?

This is out of scope for the pam list, but you should know that you can simply call getpwnam so you don't have to grep /etc/passwd. Many large installations don't even have most of their users in /etc/passwd, but use NIS or LDAP instead. getpwnam uses NSS to get all the users/passwords/groups. Your initial feature request might be able to be implemented by writing a custom NSS module. [1]

Tim Nowaczyk


Timothy Nowaczyk
Network Systems Engineer
University of Virginia - ITC
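
Added example, not part of the original message: a C sketch of the lookup the reply describes, resolving a user's login shell through NSS with `getpwnam_r` instead of parsing /etc/passwd. The helper name `lookup_login_shell`, the 1 MiB buffer limit and the default user `root` are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: copy `user`'s login shell into `out`.
 * Returns 0 if found, 1 if no such user, -1 on lookup error or truncation. */
int lookup_login_shell(const char *user, char *out, size_t outlen)
{
    struct passwd pw, *res = NULL;
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    size_t len = hint > 0 ? (size_t)hint : 1024;
    char *buf = NULL;
    int rc;

    if (outlen == 0) return -1;
    do {
        char *tmp = realloc(buf, len);
        if (!tmp) { free(buf); return -1; }
        buf = tmp;
        /* Resolved via NSS: files, NIS, LDAP, ... as set in nsswitch.conf. */
        rc = getpwnam_r(user, &pw, buf, len, &res);
        len *= 2;                  /* on ERANGE the entry did not fit: grow */
    } while (rc == ERANGE && len <= (1u << 20));

    if (rc != 0 || res == NULL) {
        free(buf);
        return (rc == 0 || rc == ENOENT) ? 1 : -1;
    }
    /* passwd(5): an empty shell field means /bin/sh. */
    const char *sh = (pw.pw_shell && pw.pw_shell[0]) ? pw.pw_shell : "/bin/sh";
    int n = snprintf(out, outlen, "%s", sh);
    free(buf);                     /* pw.pw_shell pointed into buf */
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(int argc, char **argv)
{
    char shell[256];
    const char *user = argc > 1 ? argv[1] : "root";  /* constructed default */
    int r = lookup_login_shell(user, shell, sizeof shell);
    if (r == 0) printf("%s: %s\n", user, shell);
    else fprintf(stderr, "%s: %s\n", user, r == 1 ? "no such user" : "lookup failed");
    return r == 0 ? 0 : 1;
}
```

The value returned is whatever the NSS sources on the host report for that account, which is why a custom NSS module can change the shell that sshd or login sees.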

Pam-list mailing list
