Chsh
chsh is a command on Unix-like operating systems that is used to change a login shell. Users can either supply the pathname of the shell that they wish to change to on the command line, or supply no arguments, in which case chsh allows the user to change the shell interactively.

chsh is a setuid program that modifies the /etc/passwd file, and only allows ordinary users to modify their own login shells. The superuser can modify the shells of other users, by supplying the name of the user whose shell is to be modified as a command-line argument. For security reasons, the shells that both ordinary users and the superuser can specify are limited by the contents of the /etc/shells file, with the pathname of the shell being required to be exactly as it appears in that file. (This security feature is alterable by re-compiling the source code for the command with a different configuration option, and thus is not necessarily enabled on all systems.) The superuser can, however, also modify the password file directly, setting any user's shell to any executable file on the system without reference to /etc/shells and without using chsh.
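
The /etc/shells restriction described above binds chsh, not direct edits to the password file, so an administrator may want to list the accounts whose shell falls outside that file. The following is an added example, not part of the original article or of chsh itself; the function name audit_login_shells and the default list of ignored non-login placeholders are assumptions of this example.

```shell
#!/bin/sh
# Added example: list accounts whose login shell is not an exact /etc/shells entry.
# Usage: audit_login_shells [PASSWD_FILE] [SHELLS_FILE] [IGNORED_SHELLS]
# Prints "user:shell" per finding and returns 1 if there was at least one.
# IGNORED_SHELLS is a space-separated list of non-login placeholders (an
# assumption of this example; adjust it to the system being audited).
audit_login_shells() {
    passwd_file=${1:-/etc/passwd}
    shells_file=${2:-/etc/shells}
    ignored=${3:-"/usr/sbin/nologin /sbin/nologin /bin/false /usr/bin/false"}
    awk -F: -v shells="$shells_file" -v ignored="$ignored" '
        BEGIN {
            # Permitted shells: every non-comment, non-blank line, kept verbatim
            # because the pathname must match exactly as it appears in the file.
            while ((getline line < shells) > 0)
                if (line !~ /^[ \t]*(#|$)/) allowed[line] = 1
            close(shells)
            n = split(ignored, parts, " ")
            for (i = 1; i <= n; i++) skip[parts[i]] = 1
        }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            shell = $7                          # field 7 of passwd is the login shell
            if (shell == "") shell = "/bin/sh"  # an empty field means /bin/sh
            if (shell in skip) next
            if (!(shell in allowed)) { print $1 ":" shell; bad = 1 }
        }
        END { exit bad ? 1 : 0 }
    ' "$passwd_file"
}
```

Called with no arguments it reads /etc/passwd and /etc/shells; it covers local password-file entries only, not accounts served from a directory service.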

On most systems, when chsh is invoked without the -s command-line option (to specify the name of the shell), it prompts the user to select one. On Mac OS X, if invoked without the -s option, chsh displays a text file in the default editor (initially set to vim) allowing the user to change all of the features of their user account that they are permitted to change, the pathname of the shell being the name next to "Shell:". When the user quits vim, the changes made there are transferred to the /etc/passwd file which only root can change directly.

Using the -s option (for example: % chsh -s bash) greatly simplifies the task of changing shells.

Depending on the system, chsh may or may not prompt the user for a password before changing the shell, or entering interactive mode. On some systems, use of chsh by non-root users is disabled entirely by the sysadmin.

On many Linux distributions, the chsh command is a PAM-aware application. As such, its behaviour can be tailored, using PAM configuration options, for individual users. For example, an auth directive that specifies the pam_listfile.so module can be used to deny chsh access to individual users, by specifying a file of the usernames to deny access to with the listfile= option to that module (along with the sense=deny option).

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 