I’m setting up a connection through an LDAP directory. In this directory, the shell assigned to users is called kwartz-sh, so if the user tries to log in, it fails even though everything else is configured correctly. It’s not possible to modify the LDAP directory itself (and the server is not designed to work with Linux workstations); the official solution, provided by the editor, and used by all, is this command: “ln -sf bash /bin/kwartz-sh”. This solution has always worked fine, but it doesn’t work on Silverblue, since /bin is a link to /usr/bin which is read-only.
Is it possible to create some sort of custom overlay, or does anyone have a completely different solution? Since, by all logic, the choice of the shell is done before the shell’s $PATH exists, I don’t see any other way than the official solution.
Thank you all very much in advance.
I’d probably make an RPM with a symlink or shim with that name, then layer that.
I just went through How to create a Linux RPM package, and it all looks overly complicated, I really hope there’s a much simpler solution.
[EDIT] I just realized you want them using bash, but the login is looking for kwartz-sh so I flipped around my alias command.
Instead of a sym-link, you could always create an alias and put it in /etc/profile.d or in /etc/environment. You would basically do:
echo "alias kwartz-sh=/bin/bash" > /etc/profile.d/my-link.sh
echo "alias kwartz-sh=/bin/bash" >> /etc/environment
Will that work for the login shell?
No, if the LDAP says the login shell is literally /bin/kwartz-sh, then that must be a real file/link.
I’ve never had to do anything similar to what OP is trying to do, so I was taking a shot in the dark.
It’s looking like your best option is going to be to build an RPM. If you’re setting up multiple workstations, which it kinda sounds like you’re planning on, an RPM would be a good idea.
You’re going to have to use the livefs option of rpm-ostree. It’s experimental but lets you write to the immutable areas for the current commit. So that means you would have to do this after every update manually. Oops, I’m wrong, you can use the --hotfix option to make it persistent across updates. You should look at ostree admin unlock --help to see the command. You do this as sudo possibly with -i to be seen as root. So the command would be sudo ostree admin unlock which unlocks your current deployment. You apply your changes then you should be good to go. You may apply changes then use the --hotfix option with the command again to turn your changes into persistent ones.
 fixed suggested command.
This solution works, thanks. (small note, you wrote “sudo ostree unlock”, the “admin” is missing before the “unlock”.)
I ended up finding another solution by taking the problem from the other end, adding “map passwd loginShell "/bin/bash"” to my nslcd.conf file.
However, my solution only works because kwartz-sh is assigned to all users on the LDAP directory. Also, your solution can adapt to many other situations, and explicitly answers the title of my OP.
Yeah, sorry I was in a bit of a rush to get out the door for a customer, forgot the “admin”. Glad to have been able to provide an answer for you. BTW, could you please mark the solution as it will help others.
We don’t have the Solved plugin enabled here. But I’m bookmarking this thread to move to the Ask category once we’ve merged the sites (soon, I hope) and I’ll mark the solution when I do that.
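A check for the failure discussed in this thread, added here as an example and not taken from any of the posts: it reads passwd-format entries and reports accounts whose login shell does not resolve to an executable file, which is the condition that makes the login fail. The function name `find_broken_shells`, its optional root-prefix argument and the sample accounts are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: report accounts whose login shell is not an executable file.
# Input: passwd(5)-format lines on stdin.
# $1: optional root prefix (hypothetical helper argument, used so the demo can
#     run against a scratch directory instead of the real /bin).

find_broken_shells() {
    prefix="${1:-}"
    while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        [ -n "$user" ] || continue
        [ -n "$shell" ] || continue          # empty field means the default /bin/sh
        # -x follows symlinks, so a link such as kwartz-sh -> bash passes.
        if [ ! -x "${prefix}${shell}" ]; then
            printf '%s:%s\n' "$user" "$shell"
        fi
    done
}

# Constructed sample entries, shaped like what the LDAP directory returns.
SAMPLE='alice:x:10001:10001:Alice:/home/alice:/bin/kwartz-sh
bob:x:10002:10001:Bob:/home/bob:/bin/bash'

demo() {
    root=$(mktemp -d) && mkdir -p "$root/bin"
    printf '#!/bin/sh\n' > "$root/bin/bash" && chmod +x "$root/bin/bash"
    echo "before link: $(printf '%s\n' "$SAMPLE" | find_broken_shells "$root")"
    ln -sf bash "$root/bin/kwartz-sh"        # the symlink workaround from the thread
    echo "after link:  $(printf '%s\n' "$SAMPLE" | find_broken_shells "$root")"
    rm -rf "$root"
}

demo
```

On a workstation, `getent passwd | find_broken_shells` runs the same check against the live NSS view, so it also confirms whether an nslcd.conf attribute mapping took effect.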