#3641 default_shell parameter does not function with ldap provider

Created 5 months ago by firstyear
Modified 5 months ago

On all versions of SSSD (CentOS, Fedora, FreeBSD), default_shell does not function if the shell from an LDAP user is not present.

My shell is /bin/zsh - it may be uninstalled, or in a different location on FreeBSD.

The following occurs 100%

    host# su william
    su: /bin/zsh: No such file or directory
    host# which /bin/sh
    host# cat /usr/local/etc/sssd/sssd.conf | grep -i shell_fallback

I'm not sure I understand the issue, sorry -- is the issue that william has a shell assigned, but it doesn't exist on the client, or that the user entry in LDAP has no shell at all? (Or a variant of the first where the shell is installed but not present in /etc/shells and therefore not reported by getusershell(3)?)

What shell does getpwnam return for william? Can you paste me the output of getent passwd william?

LDAP user william has a shell of /bin/zsh in their LDAP object. But it does not exist on the target system.

    william:*:1343600009:1343600009:William Brown:/home/william:/bin/zsh

In that case, isn't shell_fallback what you're looking for?

       shell_fallback (string)
           The default shell to use if an allowed shell is not installed on the machine.

           Default: /bin/sh

(Yes, the options for augmenting the shell are too many and too confusing.)

It also doesn't work then.

It says "default: /bin/sh"

Evidence is showing it's failing to apply. So this issue is still valid.
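
Added example, not part of the ticket and not SSSD's own code: a simplified Python model of the shell evaluation order documented in sssd.conf(5) for the [nss] options named in this thread, run against the passwd entry quoted above. The function name, the nologin path and the sample /etc/shells list are assumptions made for illustration.

```python
# Simplified model of the shell selection order documented in sssd.conf(5).
# Keyword names mirror the [nss] option names; this is not SSSD source code.
NOLOGIN = "/sbin/nologin"  # assumption: the real nologin path is build-dependent

# Constructed sample: a host where zsh is not installed or listed.
ETC_SHELLS = ["/bin/sh", "/bin/csh"]


def resolve_shell(ldap_shell, etc_shells, *, override_shell=None,
                  default_shell=None, allowed_shells=None,
                  vetoed_shells=None, shell_fallback="/bin/sh"):
    """Return the shell a passwd lookup would report for the user."""
    if override_shell:
        # override_shell supersedes every other shell option.
        return override_shell
    if ldap_shell is None:
        # default_shell only covers entries with no shell attribute at all.
        return default_shell
    if not allowed_shells and not vetoed_shells:
        # Neither list is set: the provider's value is passed through
        # unchanged and shell_fallback is never consulted.
        return ldap_shell
    if ldap_shell in (vetoed_shells or ()):
        return shell_fallback
    if ldap_shell in etc_shells:
        return ldap_shell
    allowed = allowed_shells or ()
    if "*" in allowed or ldap_shell in allowed:
        # Allowed but not installed: this is where shell_fallback applies.
        return shell_fallback
    return NOLOGIN


def demo():
    """Evaluate the ticket's /bin/zsh entry under three configurations."""
    return {
        "no shell options": resolve_shell("/bin/zsh", ETC_SHELLS),
        "default_shell only": resolve_shell("/bin/zsh", ETC_SHELLS,
                                            default_shell="/bin/sh"),
        "allowed_shells = *": resolve_shell("/bin/zsh", ETC_SHELLS,
                                            allowed_shells=["*"]),
    }


if __name__ == "__main__":
    for config, shell in demo().items():
        print(f"{config:20} -> {shell}")
```

In this model the entry keeps /bin/zsh unless allowed_shells or vetoed_shells is set, which is the documented precondition for shell_fallback to be consulted.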
