On Mon, 27 Mar 2017, me(a)vitalykarasik.com wrote:
We have a few RHEL7 boxes for developers, users are authenticated
Each developer has his/her own Linux machine, all Linuxes are managed by
Puppet. Till now all users used BASH ("default_shell = /bin/bash"). Now we
have a few users which want ZSH. Because we'd like to keep sssd.conf
standard on all linuxes, we thought about use something like:
allowed_shells = /bin/zsh,/bin/bash
shell_fallback = /bin/bash
So if certain linux box has ZSH installed, user will get it; else it will
use BASH. We tried this config, and played with other shell-related config
params - nothing work. Users receive /bin/sh instead of bash and zsh.
If you want users to get the shell they want, then you need to set the shell
they want in Active Directory, and make sure SSSD is configured to look at the
right attribute. Otherwise you may find it's reading a duff attribute, or
it's reading the right one but it contains /bin/sh.
If you're managing it by puppet, and you actually want the config you
describe, you could just set default_shell for the machines differently, so
it's set to zsh on some and bash on others.