Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Change a user's default shell UNIX
A MacOSXism that might throw more classically-aligned Unix folks is how to change a user's shell (or other passwd information, actually).

Classic wisdom suggests using standard methods such as vipw or chsh. However, these methods do not work under OS X, as I found out the hard way. If you try to use these methods which revolve around changing the passwd/master.passwd filles, you'll find that everything looks ok but that the system elements that use this information are ignoring your changes. This vexed me until I discovered that the true authoritative repository for this infomation is managed by NetInfo.

Read the rest of the article for the details on using NetInfo to change the shell, and some information on why this is advantageous over just setting the prefs in the Terminal application...

To change a users shell, one must go into NetInfo. The easiest way to do this is to use the NetInfo Manager utility which is found in the Applications/Utilities folder. Using this utility, you want to edit the property /users/joebob/shell and set it to what you want. (replace "joebob" with the appropriate user)

However, some may find a command-line alternative to this method useful. For that, use the niutil utility:
niutil -createprop . /users/joebob shell /bin/bash
Note that you want to use the short username (unix username) when you are doing this.

Some of you may wonder why you should use NetInfo Manager when you can change the shell in the Terminal preferences area. When you set the shell preference in the Terminal, you are only setting the shell that the Terminal program runs for you when it is invoked. Any other use of the shell by the system or through other means (such as, when you ssh into your box remotely) uses the shell specified in NetInfo. For instance, say you want to use the bash shell when you su to root. Setting the Terminal variable won't do that for you; when you run su, you'll find yourself as root but running the default shell of tcsh. Now, if you change the shell assigned to the root account in NetInfo, then when you su you get the shell you wanted. Same goes for other applications that can invoke shells like vi or whatnot.
  • Currently 3.00 / 5
  You rated: 5 / 5 (7 votes cast)

Change a user's default shell | 7 comments | Create New Account
Click here to return to the 'Change a user's default shell' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
disabling shell access
Authored by: lstewart on Feb 13, '02 01:56:34PM
You can use this method to disable certain users from using a shell at all. If you have a user on your system that you don't want to be able to execute any shell scripts, or telnet in, or anything, simply use NetInfo to assign their default shell as /dev/null. They'll get an error message any time they try to open a shell. I don't know if that's worth much or not, but I've set this on some of the daemon-related users on my box (like PostgresQL's daemon user), in an effort to increase security.

[ Reply to This | # ]
Better to use /sbin/nologin
Authored by: Anonymous on Feb 13, '02 03:39:22PM

Better to use /sbin/nologin, it's more "correct" and you can also specify a custom message to users.

[ Reply to This | # ]
I just did that today!
Authored by: Titanium Man on Feb 14, '02 12:59:34AM

Would you change the root's shell too, or leave well enough alone? I had heard to leave the root with /bin/tcsh, because tcsh is supposedly slightly more secure than bash, but I don't know if it's true or not.

[ Reply to This | # ]
I just did that today!
Authored by: Anonymous on Feb 14, '02 11:47:11AM

Leave it alone, for several reasons. A couple reasons are:

- tcsh came with OS X, you're probably less likely to run into any severe bugs.
- bash probably is a bit less secure. it's had its share of security issues.
- make sure whatever you use is in /bin or /sbin. If you use /usr/local/bash as root, and /usr/local is on a different partition than /, and have to boot into single-user mode, you're up sh*t creek.
- smart admins never mess with root's defaults, and with sudo, there's no reason to log in as root.

[ Reply to This | # ]
I just did that today!
Authored by: Titanium Man on Feb 14, '02 11:55:52PM

Thanks for the sound advice!

[ Reply to This | # ]
This is out of date... chsh now works
Authored by: mikerose on Feb 23, '04 03:54:35PM

The chsh command should work under Panther for a permanent shell change.

[ Reply to This | # ]
Exact syntax right here...
Authored by: SinceEBCDIC on Jul 27, '04 12:34:59PM
chsh -s SHELL USER

where SHELL is one of /etc/shells and USER is the shortname, as in

chsh -s /bin/tcsh steve


[ Reply to This | # ]