Rob Crittenden via FreeIPA-users <>

> Charles Hedrick via FreeIPA-users wrote:
>> One of my staff made a typo in his shell in “ipa user-mod —shell” It
>> can be hard to recover from, since you can’t login.
>> Is there a way to restrict what they can use? Traditionally only
>> shells in /etc/shells were valid.
> There is no way currently.
> Note that part of the problem is which /etc/shells to use? Remember
> that IPA is centralized and users may be using a number of different
> operating systems. This is why the default shell is /bin/sh, because
> it is nearly universal.

At the very least, it would be good to restrict it to /etc/shells on the
current machine.  Doesn't cover everything, but it's an improvement.


Attachment: signature.asc
Description: PGP signature

FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to