Rob Crittenden via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
writes:

> Charles Hedrick via FreeIPA-users wrote:
>
>> One of my staff made a typo in his shell in “ipa user-mod —shell” It
>> can be hard to recover from, since you can’t login.
>> 
>> Is there a way to restrict what they can use? Traditionally only
>> shells in /etc/shells were valid.
>
> There is no way currently.
>
> Note that part of the problem is which /etc/shells to use? Remember
> that IPA is centralized and users may be using a number of different
> operating systems. This is why the default shell is /bin/sh, because
> it is nearly universal.

At the very least, it would be good to restrict it to /etc/shells on the
current machine.  Doesn't cover everything, but it's an improvement.

Thanks,
--Robbie

Attachment: signature.asc
Description: PGP signature

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to