is shells.checks necessary?

[liuyangc3]

if I set a login shell which not list in /etc/shells via chsh.ldap -s will get an error

is not a valid shell

but I just don't want to putmy login script in /etc/shells
,becase it is a part of my project, I want modify it in the repo dir.

so why the shells must be in /etc/shells, is it for some specific purpose?

[arthurdejong]

The behaviour of chsh.ldap is similar to usual chsh: login shell changes are subject to having the shell listed in /etc/shells. This is also enforced by nslcd. When running chsh.ldap as root you should be able to set any shell (similar to regular chsh).

While in theory this could be relaxed a bit because the LDAP modify operation is done with the user's DN and access controls to prevent malicious actions should be enforced by the LDAP server I am reluctant to change this.

Patches to disable this exrta check are welcome.

By the way, I don't think the error is "is not a valid shell" but "/foo/bar is an invalid shell".

[ghost]

a similar conversation about this is discussed in detail in this FreeBSD bug report.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216014

The conclusion is that /etc/shells is meant to be maintained by the administrator of the server controlling what shells are allowed to be login shells, period. This is the way it was always intended on Unix systems and software that allows you to change your user's shell should obey what is in /etc/shells.

[miklcct]

This function is buggy. I am reporting a bug soon (#61)