Andrew Bogott has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/361595 )

Change subject: nslcd: Remove Labs shell override
......................................................................


nslcd: Remove Labs shell override

We used to set the shells for some LDAP accounts to
/usr/local/bin/sillyshell in the olden days of svn to allow them to push
patches without actually getting an interactive shell. This caused
problems when users started also being granted access to VMs in Labs,
so a horrible hack was born. The VMs in Labs told nslcd to ignore the
shell set in LDAP and instead always use /bin/bash. This means that Labs
users can't set an alternate shell and also that /bin/false can't be
used to lock accounts out of interactive shells if needed.

The old /usr/local/bin/sillyshell records have been cleaned up and all
posixAccount records in LDAP now have a sane shell, so let's remove the
old hack.

Bug: T86668
Change-Id: I8abb211b04abc68f983aac2ebfcb08b51e3b73a1
---
M modules/ldap/templates/nslcd.conf.erb
1 file changed, 0 insertions(+), 2 deletions(-)

Approvals:
  Andrew Bogott: Looks good to me, approved
  Hashar: Looks good to me, but someone else must approve
  jenkins-bot: Verified



diff --git a/modules/ldap/templates/nslcd.conf.erb 
b/modules/ldap/templates/nslcd.conf.erb
index 447e14b..1c2258e 100644
--- a/modules/ldap/templates/nslcd.conf.erb
+++ b/modules/ldap/templates/nslcd.conf.erb
@@ -46,8 +46,6 @@
 
 <%- if @shell_override %>
 map passwd loginshell "<%= @shell_override %>"
-<%- elsif @realm == "labs" %>
-map passwd loginshell "/bin/bash"
 <%- end %>
 
 pagesize <%= @ldapconfig["pagesize"] %>
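
Review bot: The `<%- if @shell_override %>` branch kept in this hunk still maps one login shell onto every passwd entry, so on any host where `shell_override` is set, an LDAP loginShell of /bin/false will not keep the account out of an interactive shell. That is the same limitation the commit message gives as the reason for removing the Labs branch. I would add a template comment above that branch saying so, and confirm that no Labs host sets `shell_override` before relying on /bin/false there. Separately, with the `elsif @realm == "labs"` fallback gone, Labs VMs use whatever shell LDAP returns, so an account whose shell is not installed on the VM will fail to log in. The commit message says the records were cleaned up, but nothing in the template covers a record added later with a bad shell.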

-- 
To view, visit https://gerrit.wikimedia.org/r/361595

Gerrit-MessageType: merged
Gerrit-Change-Id: I8abb211b04abc68f983aac2ebfcb08b51e3b73a1
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BryanDavis <bda...@wikimedia.org>
Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org>
Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: Hashar <has...@free.fr>
Gerrit-Reviewer: Madhuvishy <mviswanat...@wikimedia.org>
Gerrit-Reviewer: Rush <r...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
