[CentOS] Changing a user's shell on CentOS Directory Server?

Tue Jun 2 04:11:24 UTC 2009
Bill Campbell <centos at celestial.com>

On Mon, Jun 01, 2009, Matt Harrington wrote:
...
>I should have been more precise in my original post.  After a second
>read, I see that it sounds like I was asking for policy advice.
>Actually, what I meant to ask was is it expected behavior that "lchsh"
>fails for LDAP users?  If so, what are my choices for allowing users
>to change their shells?  I can open up the permissions on
>/etc/default/useradd, but maybe there's a better way.  I need this
>capability.
>
>"chsh" works for local users, so it's not that CentOS takes a stand
>against users changing their shells.

I think it was chsh that had a major security problem a while
back that would permit user's to change their uid to ``0'' with
the expect bad results.  I ran into this on a SuSE system where
chsh was called from usermin.

Bill
-- 
INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186  Skype: jwccsllc (206) 855-5792

"If taxation without consent is not robbery, then any band of robbers
have only to declare themselves a government, and all their robberies
are legalized." -- Lysander Spooner, Letter to Grover Cleveland 1886