Rob Crittenden via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
Charles Hedrick via FreeIPA-users wrote:
One of my staff made a typo in his shell in “ipa user-mod —shell” It can be hard to recover from, since you can’t login.
Is there a way to restrict what they can use? Traditionally only shells in /etc/shells were valid.
There is no way currently.
Note that part of the problem is which /etc/shells to use? Remember that IPA is centralized and users may be using a number of different operating systems. This is why the default shell is /bin/sh, because it is nearly universal.
At the very least, it would be good to restrict it to /etc/shells on the current machine. Doesn't cover everything, but it's an improvement.
Thanks, --Robbie