Re: change session's login shell

On Jul 25, 2011, at 5:04 PM, Frank Van Damme wrote:

> 2011/7/25 Jason Clifford <jason ukpost com>:
>> On Mon, Jul 25, 2011 at 2:11 PM, Frank Van Damme <frank vandamme gmail com>
>> wrote:
>>> I'd like to change a user's shell based on group membership. The group
>>> membership is no problem - that's what pam_listfile is for. Changing
>>> the shell, however, seems non-obvious. I've looked at the source code
>>> of pam_unix and it provides the path to the user's login shell
>>> according to /etc/passwd, so it should be possible for a pam module to
>>> set the shell to an arbitrary value, right?
>> No because it's the ssh daemon or the login process that sets the shell.
> So they each use their own methods like grepping /etc/passwd, doing
> LDAP lookups, or whatever it takes to come up with a shell - like
> "nothing" in the case of obscure authentication methods that the
> application happens to know nothing about?

This is out of scope for the pam list, but you should know that you can simply call getpwnam so you don't have to grep /etc/passwd. Many large installations don't even have most of their users in /etc/passwd, but use NIS or LDAP instead. getpwnam uses NSS to get all the users/passwords/groups. Your initial feature request might be able to be implemented by writing a custom NSS module. [1]

Tim Nowaczyk

[1] http://www.gnu.org/s/hello/manual/libc/Extending-NSS.html#Extending-NSS

Timothy Nowaczyk
Network Systems Engineer
University of Virginia - ITC
tan7f virginia edu
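
The lookup described in the message above, as an added example that is not part of the original thread: a login-style program resolving a user's shell through NSS with the reentrant getpwnam_r instead of parsing /etc/passwd, so whatever sources nsswitch.conf lists (files, NIS, LDAP, a custom module) decide the answer. The helper name lookup_shell and its return codes are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: resolve a user's login shell through NSS.
 * Returns 0 on success, 1 if the user is unknown, -1 on error. */
int lookup_shell(const char *user, char *shell, size_t shell_len)
{
    struct passwd pw, *res = NULL;
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    size_t len = hint > 0 ? (size_t)hint : 1024;
    char *buf = NULL;
    const char *sh;
    int rc, ret = -1;

    do {    /* grow the scratch buffer until the entry fits (ERANGE) */
        char *tmp = realloc(buf, len);
        if (tmp == NULL)
            goto out;
        buf = tmp;
        rc = getpwnam_r(user, &pw, buf, len, &res);
        len *= 2;   /* only used if we loop again */
    } while (rc == ERANGE && len <= (1u << 20));
    if (res == NULL) {  /* no entry in any configured source, or an error */
        if (rc == 0 || rc == ENOENT || rc == ESRCH)
            ret = 1;
        goto out;
    }
    /* passwd(5): an empty shell field means /bin/sh. */
    sh = (pw.pw_shell && pw.pw_shell[0]) ? pw.pw_shell : "/bin/sh";
    if (strlen(sh) < shell_len) {   /* fail rather than truncate a path */
        strcpy(shell, sh);
        ret = 0;
    }
out:
    free(buf);
    return ret;
}

int main(int argc, char **argv)
{
    char shell[256];
    if (lookup_shell(argc > 1 ? argv[1] : "root", shell, sizeof shell) != 0)
        return 1;
    puts(shell);
    return 0;
}
```

Because the result comes from NSS, the same binary returns a different shell as soon as the passwd line in nsswitch.conf changes, which is why that file and any NSS modules it loads belong in the set of files you monitor for tampering.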

