Configuring Special Login Shells

Configuring Special Login Shells

You may want to assign an account a login shell other than one of the system defaults. Reasons for doing this include:

The need for special-use accounts that require restricted or very specific access to the system
a user requesting a special shell

You can specify any program as the login shell for an account. For example, you can use a third-party application program as the login shell. Users with this application as a shell log in to the system and are immediately placed in the application. All interaction with the system is through the application, and when the users quit from the application, they are automatically logged out. To restrict access to the system, you can also use a custom shell that you create.

Another example is the nuucp account, which uses /usr/lib/uucp/uucico as a login shell.

Many users have favorite shells, for example the bash shell, that they might want you to install. As with any other software, make sure it comes from a reputable source. (bash shell is public domain software .) You may wish to back up the system completely before installing the shell, then monitor the system closely for a while to be sure there are no problems with the shell.

For security reasons, you should not blindly accept compiled binaries and install them as login shells on the system (or anywhere else on the system, for that matter). Start with the source code for the shell, make sure there are no security holes in the code, then compile it for your site.

Note that special shells should be located in a file system that is always mounted before users log in to the system. If the file system that contains a login shell is not mounted, people who use that shell cannot log in to their accounts.