From f3554d80cf952229633936a46cf39ce302ebad54 Mon Sep 17 00:00:00 2001
From: cuberoot74088
Date: Sat, 19 Jun 2021 07:35:11 +0200
Subject: [PATCH] Set default shell to `bin/sh` (#488)
---
 examples/unixd | 2 +-
 kanidm_book/src/pam_and_nsswitch.md | 6 +++---
 kanidm_client/tests/default_entries.rs | 2 +-
 kanidm_unix_int/src/constants.rs | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/examples/unixd b/examples/unixd
index 66dba4617..ec744e5bd 100644
--- a/examples/unixd
+++ b/examples/unixd
@@ -1,7 +1,7 @@
 # this should be at /etc/kanidm/unixd, and configures kanidm-unixd
 # some documentation is here: https://github.com/kanidm/kanidm/blob/master/kanidm_book/src/pam_and_nsswitch.md
 # pam_allowed_login_groups = ["posix_group"]
-# default_shell = "/bin/bash"
+# default_shell = "/bin/sh"
 # home_prefix = "/home/"
 # home_attr = "uuid"
 # home_alias = "spn"
diff --git a/kanidm_book/src/pam_and_nsswitch.md b/kanidm_book/src/pam_and_nsswitch.md
index 2a6b8f0f7..7aae9df53 100644
--- a/kanidm_book/src/pam_and_nsswitch.md
+++ b/kanidm_book/src/pam_and_nsswitch.md
@@ -44,7 +44,7 @@ Both unixd daemons use the connection configuration from /etc/kanidm/config. Thi
 You can also configure some unixd specific options with the file /etc/kanidm/unixd.
 pam_allowed_login_groups = ["posix_group"]
- default_shell = "/bin/bash"
+ default_shell = "/bin/sh"
 home_prefix = "/home/"
 home_attr = "uuid"
 home_alias = "spn"
@@ -55,7 +55,7 @@ The `pam_allowed_login_groups` defines a set of posix groups where membership of
 groups will be allowed to login via pam. All posix users and groups can be resolved by nss regardless of pam login status. This may be a group name, spn or uuid.
-`default_shell` is the default shell for users with none defined. Defaults to /bin/bash.
+`default_shell` is the default shell for users with none defined. Defaults to `/bin/sh`.
 `home_prefix` is the prepended path to where home directories are stored. Must end with a trailing `/`. Defaults to `/home/`.
@@ -108,7 +108,7 @@ You can then test that the posix extended user is able to be resolved with:
 $ getent passwd
 $ getent passwd testunix
- testunix:x:3524161420:3524161420:testunix:/home/testunix:/bin/bash
+ testunix:x:3524161420:3524161420:testunix:/home/testunix:/bin/sh
 You can also do the same for groups.
diff --git a/kanidm_client/tests/default_entries.rs b/kanidm_client/tests/default_entries.rs
index cc42dc4df..3840c2308 100644
--- a/kanidm_client/tests/default_entries.rs
+++ b/kanidm_client/tests/default_entries.rs
@@ -118,7 +118,7 @@ fn add_all_attrs(rsclient: &KanidmClient, id: &str, group_name: &str) {
 .idm_group_add_members("idm_admins", &[ADMIN_TEST_USER])
 .unwrap();
 rsclient
- .idm_account_unix_extend(id, None, Some(&"/bin/bash"))
+ .idm_account_unix_extend(id, None, Some(&"/bin/sh"))
 .unwrap();
 rsclient.idm_group_unix_extend(&group_name, None).unwrap();
diff --git a/kanidm_unix_int/src/constants.rs b/kanidm_unix_int/src/constants.rs
index 725b8553b..67e39b33e 100644
--- a/kanidm_unix_int/src/constants.rs
+++ b/kanidm_unix_int/src/constants.rs
@@ -5,7 +5,7 @@ pub const DEFAULT_TASK_SOCK_PATH: &str = "/var/run/kanidm-unixd/task_sock";
 pub const DEFAULT_DB_PATH: &str = "/var/cache/kanidm-unixd/kanidm.cache.db";
 pub const DEFAULT_CONN_TIMEOUT: u64 = 2;
 pub const DEFAULT_CACHE_TIMEOUT: u64 = 15;
-pub const DEFAULT_SHELL: &str = "/bin/bash";
+pub const DEFAULT_SHELL: &str = "/bin/sh";
 pub const DEFAULT_HOME_PREFIX: &str = "/home/";
 pub const DEFAULT_HOME_ATTR: HomeAttr = HomeAttr::Uuid;
 pub const DEFAULT_HOME_ALIAS: Option = Some(HomeAttr::Spn);
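Review bot: `DEFAULT_SHELL` in kanidm_unix_int/src/constants.rs has no doc comment, yet it is presumably the login shell that unixd reports for every posix account with no shell of its own, so a path missing on a client host would likely break logins there. I would add `/// Fallback login shell for accounts with no shell attribute; must be an absolute path present on every client host.` above the constant. The edited call in default_entries.rs passes the shell explicitly, so no visible test asserts the fallback value; a small assertion on the resolved default would pin it. Hosts that relied on the old implicit default will get a different shell after upgrade unless `default_shell` is set in /etc/kanidm/unixd, which deserves a release note. How the constant is consumed is outside this hunk.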