Linux: neither chsh nor ypchsh is working, can I change my shell?

8

3

I'm an old-school Unix guy, so my Linux skills are probably slightly outdated. But this seems like it should be simple enough.

On a Red Hat Linux system where I do not have root (it is administered by the company IT department), I want to be able to change my login shell. Running chsh gives me:

$ chsh -s /bin/bash
chsh: can only change local entries; use ypchsh instead.

So, I ran ypchsh instead:

$ ypchsh userid
ypchsh: can't find the master ypserver: Internal NIS error

What gives? Anyone have any other ideas?

Ogre Psalm33

Posted 2011-05-12T15:26:48.543

Reputation: 475

3 Are you really using NIS? Or is it something like LDAP? – Ignacio Vazquez-Abrams – 2011-05-12T15:32:17.583

I am pretty certain our network is using LDAP, as NIS is pretty antiquated at this point. – Ogre Psalm33 – 2011-05-12T16:19:20.113

Answers

8

  • NIS: ypchsh

  • LDAP:

    $ ldapmodify <<EOF
    dn: YOUR_DN
    changetype: modify
    replace: loginShell
    loginShell: /bin/bash
    -
    EOF
    

    (YOUR_DN might be in the form uid=$USER,ou=people,dc=example,dc=org; try ldapwhoami to see)

  • Hesiod: Ask system administrator.

  • Active Directory: Ask system administrator.

user1686


Reputation: 283 655

A coworker told me they thought it was LDAP, but ldapwhoami gives "ldap_sasl_interactive_bind_s: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available:", so I'm guessing Active Directory at this point. I'll have to ask IT. – Ogre Psalm33 – 2011-05-13T12:59:57.857

@Ogre: Check /etc/nsswitch.conf (line 'passwd') to make sure. – user1686 – 2011-05-13T13:02:23.620
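The nsswitch.conf check suggested in the comment above, combined with the per-backend list from the answer, as an added example that is not part of the original answers. The function names are hypothetical; the `files`, `sss` and `winbind` cases go beyond the answer's list and are assumptions about common setups, and the sample configuration is constructed.

```sh
#!/bin/sh
# Added example, not from the original answers.

# sources_of DB FILE: print the services listed for DB, one per line,
# ignoring comments and [STATUS=action] items.
sources_of() {
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' "$2" |
    awk -v db="$1:" '$1 == db { for (i = 2; i <= NF; i++) print $i; exit }'
}

# shell_change_hint SERVICE: the route the answer above gives for it.
shell_change_hint() {
    case "$1" in
        files)          echo "files: chsh -s /bin/bash" ;;
        nis)            echo "nis: ypchsh" ;;
        ldap)           echo "ldap: ldapmodify, replace loginShell" ;;
        sss)            echo "sss: SSSD (LDAP, AD or IPA behind it); ask the administrator" ;;
        hesiod|winbind) echo "$1: ask the administrator" ;;
        *)              echo "$1: not covered by the answer above" ;;
    esac
}

# passwd_hints FILE: one hint per service on the passwd line.
passwd_hints() {
    for src in $(sources_of passwd "$1"); do
        if [ "$src" = compat ]; then
            # compat = local /etc/passwd with +/- entries, plus the service
            # named by passwd_compat (nis when that line is absent).
            backend=$(sources_of passwd_compat "$1")
            for b in files ${backend:-nis}; do shell_change_hint "$b"; done
        else
            shell_change_hint "$src"
        fi
    done
}

# demo: run against a constructed nsswitch.conf (sample data, not from the page).
demo() {
    tmp=$(mktemp) || return 1
    cat >"$tmp" <<'EOF'
# constructed sample
passwd:  files [NOTFOUND=continue] sss   # local accounts first
shadow:  files sss
EOF
    passwd_hints "$tmp"
    rm -f "$tmp"
}
demo
```

On a real host, call `passwd_hints /etc/nsswitch.conf`; `getent passwd "$USER"` shows the shell entry the configured services currently return for your account.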

5

I have used one workaround to change my shell at login. I have just put bash, which is used to change the shell, in my .profile file.

You can find .profile in the user's home directory – use ls -la to see it.

Your .profile file may have something like this:

PATH=/usr/bin
export PATH
#Add this to go bash at login
bash
#end

Kishor Raskar


Reputation: 51

I do the same with the .shellrc (changed to the correct file name), but I also declare an environment variable before, and exec bash only if it is not set, to allow manually executing the shell, and to prevent unfortunate loops. Note that you don't have to use a particular shell dialect, as you can just exec a script with the right shebang to perform these operations. – MayeulC – 2018-10-23T15:10:47.237

7 This is a fair workaround. Although, it would be easier to have only /usr/bin/bash on a single line. Also it's probably nicer to 'exec' the new shell thus replacing the current process. – Peter Jenkins – 2012-11-16T07:05:51.127

4

So the real answer in my case is that the system admins (IT) want to lock down the standard config, so you have to ask them. But in the process I discovered some more helpful commands for figuring out your LDAP configuration (if that happens to be how you are configured), just in case your system reports the same SASL error "ldap_sasl_interactive_bind_s: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available:"

List the SASL authentication methods that your system supports:

 ldapsearch -x -LLL -s "base" -b "" supportedSASLMechanisms

Results might be something like:

dn:
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5

You can then pass the authentication method to LDAP commands using the -Y option like so:

ldappasswd -Y DIGEST-MD5
ldapmodify -Y DIGEST-MD5

Ogre Psalm33


Reputation: 475

4

Another solution is to simply override your YP shell:

Add this line to your /etc/passwd:

+<USERNAME>::::::/bin/bash

Example:

+psalm33::::::/bin/bash

And add the following to your /etc/nsswitch.conf:

passwd: compat

passwd_compat: nis

Hooman


Reputation: 161

As I stated, I do not have root on my system (so files in /etc are off-limits for editing). But, this answer might help someone else with a similar issue. – Ogre Psalm33 – 2014-02-20T14:29:25.090

0

Another way to see the credentials for the top answer is ldapsearch -x

ldapsearch -x uid=$(whoami)

serv-inc


Reputation: 400