TransWikia.com

FreeIpa. How to setup specific shell only on 1 host for group of users

Server Fault Asked by Sergii Skybenko on December 23, 2021

I’d like to set specific shell for group of users only in 1 host. In my environment already installed FreeIpa. In FreeIpa I can change shell for all my hosts, it is not my requirement.

One Answer

You can set up an ID View inside FreeIPA for the host. Unfortunately, ID Views are tied to individual users, and there is no way to apply a view to multiple users based on a group membership, so you will have to set up a separate entry in the view for each individual user.

# ipa idview-add my_view
------------------------------------------
Added ID View "my_view"
------------------------------------------
  ID View Name: my_view

# ipa idview-apply my_view --hosts=myhost.example.foo
--------------------------------------------
Applied ID View "my_view"
--------------------------------------------
  hosts: myhost.example.foo
---------------------------------------------
Number of hosts the ID View was applied to: 1
---------------------------------------------

# ipa idoverrideuser-add my_view some_user --shell=/bin/zsh
-------------------------------
Added User ID override "some_user"
-------------------------------
  Anchor to override: some_user
  Login shell: /bin/zsh

Note that if the host does not already have a view applied to it, you will need to restart sssd after creating it, as sssd only checks for the presence of a view on startup.

Answered by James Sneeringer on December 23, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP