Ivars Strazdiņš wrote:
Hi,
just another basic question, I am sorry to spam the list.
Noticed that regular users can change their login shell in account settings.
Is it possible to lock login shell property for a regular user?
For a unix system, using standard PAM authentication, use of chsh
command can be restricted.
I could not find anything regarding this in IPA manual.
From the command-line on my 4.1 box:
$ kinit admin
$ ipa selfservice-show 'User Self service'
Copy the list of attributes and submit a new list without loginshell
$ ipa selfservice-mod
--attrs={givenname,sn,cn,displayname,title,initials,gecos,homephone,mobile,pager,facsimiletelephonenumber,telephonenumber,street,roomnumber,l,st,postalcode,manager,secretary,description,carlicense,labeleduri,inetuserhttpurl,seealso,employeetype,businesscategory,ou}
'User Self service'
Probably easier in the web UI: IPA Server -> RBAC -> drop down -> Self
service Permissions
rob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
