mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 12:37:00 +01:00
Code Issues Actions 16 Packages Projects Releases Wiki Activity

Set default shell to bin/sh (#488)

Browse source
This commit is contained in:
cuberoot74088 2021-06-19 07:35:11 +02:00 committed by GitHub
parent f5e2295319
commit f3554d80cf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
examples/unixd
View file

@ -1,7 +1,7 @@
# this should be at /etc/kanidm/unixd, and configures kanidm-unixd
# some documentation is here: https://github.com/kanidm/kanidm/blob/master/kanidm_book/src/pam_and_nsswitch.md
# pam_allowed_login_groups = ["posix_group"]
# default_shell = "/bin/bash"
# default_shell = "/bin/sh"
# home_prefix = "/home/"
# home_attr = "uuid"
# home_alias = "spn"

6
kanidm_book/src/pam_and_nsswitch.md
View file

@ -44,7 +44,7 @@ Both unixd daemons use the connection configuration from /etc/kanidm/config. Thi
You can also configure some unixd specific options with the file /etc/kanidm/unixd.
pam_allowed_login_groups = ["posix_group"]
default_shell = "/bin/bash"
default_shell = "/bin/sh"
home_prefix = "/home/"
home_attr = "uuid"
home_alias = "spn"
@ -55,7 +55,7 @@ The `pam_allowed_login_groups` defines a set of posix groups where membership of
groups will be allowed to login via pam. All posix users and groups can be resolved by nss
regardless of pam login status. This may be a group name, spn or uuid.
`default_shell` is the default shell for users with none defined. Defaults to /bin/bash.
`default_shell` is the default shell for users with none defined. Defaults to `/bin/sh`.
`home_prefix` is the prepended path to where home directories are stored. Must end with
a trailing `/`. Defaults to `/home/`.
@ -108,7 +108,7 @@ You can then test that the posix extended user is able to be resolved with:
$ getent passwd <account name>
$ getent passwd testunix
testunix:x:3524161420:3524161420:testunix:/home/testunix:/bin/bash
testunix:x:3524161420:3524161420:testunix:/home/testunix:/bin/sh
You can also do the same for groups.

2
kanidm_client/tests/default_entries.rs
View file

@ -118,7 +118,7 @@ fn add_all_attrs(rsclient: &KanidmClient, id: &str, group_name: &str) {
.idm_group_add_members("idm_admins", &[ADMIN_TEST_USER])
.unwrap();
rsclient
.idm_account_unix_extend(id, None, Some(&"/bin/bash"))
.idm_account_unix_extend(id, None, Some(&"/bin/sh"))
.unwrap();
rsclient.idm_group_unix_extend(&group_name, None).unwrap();

2
kanidm_unix_int/src/constants.rs
View file

@ -5,7 +5,7 @@ pub const DEFAULT_TASK_SOCK_PATH: &str = "/var/run/kanidm-unixd/task_sock";
pub const DEFAULT_DB_PATH: &str = "/var/cache/kanidm-unixd/kanidm.cache.db";
pub const DEFAULT_CONN_TIMEOUT: u64 = 2;
pub const DEFAULT_CACHE_TIMEOUT: u64 = 15;
pub const DEFAULT_SHELL: &str = "/bin/bash";
pub const DEFAULT_SHELL: &str = "/bin/sh";
pub const DEFAULT_HOME_PREFIX: &str = "/home/";
pub const DEFAULT_HOME_ATTR: HomeAttr = HomeAttr::Uuid;
pub const DEFAULT_HOME_ALIAS: Option<HomeAttr> = Some(HomeAttr::Spn);