chsh for cs230 students


When a student signs up for 230, she may already have a server account (if she took cs111) or not (if she placed out of cs111).  Thus, students fill out a form that asks whether the account already exists.

If it exists, it will have been created with the shell as /usr/local/bin/scponly, and that needs to be changed to /bin/bash.

The existing useradd_ldap script does change the shell, but only in LDAP, since it calls ldapchsh.pl.  Since we’re using the flat files, we need to *also* change it in /etc/passwd using the built-in chsh command.

Towards that end, I wrote ldapscripts/chsh-both, which just calls both commands.

I tested to see if it was necessary, using incantations like this:

[root@tempest tmp]# for acct in `cat cs230-2012-fall-saved-version* | cut -f1`; do echo $acct; done
mfeldman
egrandje
vbrown
glanza
vlin
choef
...

To see what their login shell is on Tempest:

[root@tempest tmp]# for acct in `cat cs230-2012-fall-saved-version* | cut -f1`; do getent passwd $acct; done
mfeldman:x:5159:5163:Monica Starr Feldman class of Class of 2014:/students/mfeldman:/usr/local/bin/scponly
egrandje:x:5276:5280:Emily Grandjean class of 2015:/students/egrandje:/usr/local/bin/scponly
vbrown:x:5277:5281:Victoria Brown class of 2015:/students/vbrown:/usr/local/bin/scponly
glanza:x:5217:5221:Gabriela Alicia Lanza Class of 2014:/students/glanza:/usr/local/bin/scponly
vlin:x:5178:5182:Veronica Lin class of 2015:/students/vlin:/bin/bash
mokeefe2:x:5454:5454:Margaret O'Keefe class of 2016:/students/mokeefe2:/bin/bash
xlu2:x:5455:5
...

Some are /bin/bash, but most, as expected, are scponly.  The bash ones are probably new accounts.  Here are the LDAP entries:

[root@tempest tmp]# for acct in `cat cs230-2012-fall-saved-version* | cut -f1`; do ldapsearch -x "uid=$acct" | grep loginShell ; done
loginShell: /bin/bash
loginShell: /bin/bash
loginShell: /usr/local/bin/scponly
loginShell: /bin/bash
loginShell: /bin/bash
loginShell: /usr/local/bin/scponly
loginShell: /bin/bash
loginShell: /bin/bash
...

Hmm. I wonder which are scponly?

for acct in `cat cs230-2012-fall-saved-version* | cut -f1`; do echo -n $acct; ldapsearch -x "uid=$acct" | grep loginShell ; done | grep scponly
ckeungloginShell: /usr/local/bin/scponly
elinloginShell: /usr/local/bin/scponly
[root@tempest tmp]#

Ah, right.  These two didn’t get their shells changed because I removed them from the list of accounts (bad passwords).  That was actually an error, since the password is ignored if the account exists.  (We need to modify the form to clarify that.)

Instead of looking at those files, I should look at /etc/accounts/cs230-2012-fall:

[root@tempest tmp]# for acct in `cut -f1 /etc/accounts/cs230-2012-fall `; do ldapsearch -x "uid=$acct" | grep loginShell; done
loginShell: /bin/bash
loginShell: /bin/bash
loginShell: /bin/bash
loginShell: /bin/bash
loginShell: /bin/bash
...

Much better.  Okay, let’s change their shells:

[root@tempest tmp]# for acct in `cut -f1 /etc/accounts/cs230-2012-fall `; do echo chsh -s /bin/bash $acct; done
chsh -s /bin/bash mfeldman
chsh -s /bin/bash egrandje
chsh -s /bin/bash vbrown
chsh -s /bin/bash glanza
chsh -s /bin/bash vlin

That was just double-checking before I do anything that modifies the system.  Now:

[root@tempest tmp]# for acct in `cut -f1 /etc/accounts/cs230-2012-fall `; do chsh -s /bin/bash $acct; done
Changing shell for mfeldman.
Shell changed.
Changing shell for egrandje.
Shell changed.
Changing shell for vbrown.
Shell changed.
Changing shell for glanza.
Shell changed.
Changing shell for vlin.
...

Good!  That should take care of the problem.  I’ve modified useradd_students to use the new script, which is:

[root@tempest tmp]# cat /root/ldapscripts/chsh-both 
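#!/bin/bash

# Change the shell in both the flat files and in LDAP

# We need a shell plus at least one username
if [ $# -lt 2 ]; then
   echo "Usage: $0 shell username(s)" >&2
   exit 1
fi

shell=$1
shift

# Require an exact whole-line match in /etc/shells (-x) and treat the
# argument as a fixed string (-F), not a regular expression, so that a
# partial name such as "sh" is not accepted
if ! grep -qxF -- "$shell" /etc/shells; then
    echo "$shell not found in /etc/shells. Please check your syntax. First arg is a shell" >&2
    exit 1
fi

# First change the LDAP shell; ldapchsh.pl takes the shell and all usernames.
# Quote the arguments so they are passed through without word splitting
# or glob expansion (this runs as root).

/root/ldapscripts/ldapchsh.pl "$shell" "$@"

# Now, iterate over the list and change the shell in /etc/passwd

for username in "$@"; do
    /usr/bin/chsh -s "$shell" "$username"
done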
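
Added example, not part of the original post or the site's scripts: the checks above print the flat-file and LDAP shells in separate loops, so this function joins them per account and lists only the accounts where either source is not the wanted shell. It reads saved `getent passwd` and `ldapsearch` output; the function names, file layout and sample accounts are constructed for illustration.

```shell
#!/bin/bash
# Added example (not the site's own script). Reports accounts whose login
# shell is not the wanted one in passwd-format data, in LDAP (LDIF), or both.

# audit_shells WANTED ACCOUNTS PASSWD LDIF
#   ACCOUNTS: tab-separated file, username in field 1
#   PASSWD:   passwd(5) lines, e.g. saved `getent passwd` output
#   LDIF:     saved ldapsearch output with uid: and loginShell: attributes
# Prints "user<TAB>passwd-shell<TAB>ldap-shell" for each account needing a fix.
audit_shells() {
    awk -F'\t' -v wanted="$1" -v pw="$3" -v ld="$4" '
        function commit() { if (uid != "") ldap[uid] = sh; uid = sh = "" }
        BEGIN {
            while ((getline line < pw) > 0)          # field 7 = login shell
                if (split(line, f, ":") >= 7) flat[f[1]] = f[7]
            while ((getline line < ld) > 0) {        # attributes may come in any order
                if (line ~ /^uid: /)             uid = substr(line, 6)
                else if (line ~ /^loginShell: /) sh = substr(line, 13)
                else if (line == "")             commit()   # blank line ends an entry
            }
            commit()                                 # last entry has no trailing blank
        }
        $1 != "" {
            p = ($1 in flat) ? flat[$1] : "MISSING"
            l = ($1 in ldap && ldap[$1] != "") ? ldap[$1] : "MISSING"
            if (p != wanted || l != wanted) printf "%s\t%s\t%s\n", $1, p, l
        }
    ' "$2"
}

# Constructed sample data: bob was changed in LDAP only, carol in the flat
# file only, dave has no flat-file entry at all.
demo_audit() {
    local d; d=$(mktemp -d) || return 1
    printf '%s\tx\n' alice bob carol dave > "$d/accounts"
    printf '%s\n' \
        'alice:x:6001:6001:Constructed A:/students/alice:/bin/bash' \
        'bob:x:6002:6002:Constructed B:/students/bob:/usr/local/bin/scponly' \
        'carol:x:6003:6003:Constructed C:/students/carol:/bin/bash' > "$d/passwd"
    printf '%s\n' \
        'dn: uid=alice,ou=People,dc=example,dc=edu' 'uid: alice' 'loginShell: /bin/bash' '' \
        'dn: uid=bob,ou=People,dc=example,dc=edu' 'loginShell: /bin/bash' 'uid: bob' '' \
        'dn: uid=carol,ou=People,dc=example,dc=edu' 'uid: carol' 'loginShell: /usr/local/bin/scponly' '' \
        'dn: uid=dave,ou=People,dc=example,dc=edu' 'uid: dave' 'loginShell: /bin/bash' > "$d/ldif"
    audit_shells /bin/bash "$d/accounts" "$d/passwd" "$d/ldif"
    rm -rf "$d"
}

demo_audit
```

An empty report means every listed account has the wanted shell in both places; a row such as bob's is the LDAP-only change that chsh-both is meant to prevent.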

About CS SysAdmins

The CS Department System Administrators