In a startup script that sets up a machine, I want to run
chsh -s /bin/zsh
However, this asks for the user's password. How do I pass in the password as a parameter? Or if I have sudo power, can I somehow bypass that step? Or alternatively, is there another way to change the default startup shell?
Best Answer
The following prevents locked-down accounts from changing their shells, and selectively lets people use
chsh
themselves WITHOUT sudo or su:Simple setup that is still secure:
Add this very top of
/etc/pam.d/chsh
:Create the chsh group:
For any user allowed to change their shell:
Money shot: