Linux: neither chsh nor ypchsh is working, can I change my shell?

I'm an old-school Unix guy, so my Linux skills are probably slightly out-dated. But this seems like it should be simple enough.

On a Red Hat Linux system where I do not have root (it is administered by the company IT department), I want to be able to change my login shell. Running chsh gives me:

$ chsh -s /bin/bash
chsh: can only change local entries; use ypchsh instead.

So, I ran ypchsh instead:

$ ypchsh userid
ypchsh: can't find the master ypserver: Internal NIS error

What gives? Anyone have any other ideas?


  • NIS: ypchsh

  • LDAP:

    $ ldapmodify <<EOF
    dn: YOUR_DN
    changetype: modify
    replace: loginShell
    loginShell: /bin/bash
    -
    EOF
    

    (YOUR_DN might be in the form uid=$USER,ou=people,dc=example,dc=org; try ldapwhoami to see)

  • Hesiod: Ask system administrator.

  • Active Directory: Ask system administrator.


I have used one workaround to change my shell at login. I have just put bash which is used to change the shell in my .profile file.

You can find .profile in the user's home directory – use ls -la to see it.

Your .profile file may have something like this:

PATH=/usr/bin
export PATH
#Add this to go bash at login
bash
#end

So the real answer in my case is that the system admins (IT) want to lock down the standard config, so you have to ask them. But in the processt I discovered some more helpful commands for figuring out your LDAP configuration (if that happens to be how you are configured), just in case your system reports the same SASL error "ldap_sasl_interactive_bind_s: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available:"

List the SASL authentication methods that your system supports:

 ldapsearch -x -LLL -s "base" -b "" supportedSASLMechanisms

Results might be something like:

dn:
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5

You can then pass the authentication method to LDAP commands using the -Y option like so:

ldappasswd -Y DIGEST-MD5
ldapmodify -Y DIGEST-MD5

Another solution is to simply override your YP shell:

Add this line to your /etc/passwd:

+<USERNAME>::::::/bin/bash

Example:

+psalm33::::::/bin/bash

And add the following to your /etc/nsswitch.conf:

passwd: compat

passwd_compat: nis