Chsh

Original author(s): Salvatore Valente
Operating system: Unix and Unix-like
Type: Command

chsh (an abbreviation of "change shell") is a command on Unix-like operating systems that is used to change a login shell. Users can either supply the pathname of the shell that they wish to change to on the command line, or supply no arguments, in which case chsh allows the user to change the shell interactively. [1]

Usage

chsh is a setuid program that modifies the /etc/passwd file, and only allows ordinary users to modify their own login shells. The superuser can modify the shells of other users, by supplying the name of the user whose shell is to be modified as a command-line argument. For security reasons, the shells that both ordinary users and the superuser can specify are limited by the contents of the /etc/shells file, with the pathname of the shell being required to be exactly as it appears in that file. (This security feature is alterable by re-compiling the source code for the command with a different configuration option, and thus is not necessarily enabled on all systems.) The superuser can, however, also modify the password file directly, setting any user's shell to any executable file on the system without reference to /etc/shells and without using chsh. [1] [2] [3]
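Because the superuser can edit the password file directly and bypass the /etc/shells check, an administrator may want to audit for accounts whose shell is not an exact entry in that file. The following is an added example, not part of the original article or of chsh itself; the function names, the sample accounts and the decision to accept the nologin and false placeholders are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report accounts whose login shell is not listed,
# character for character, in the shells file.
# Usage: audit_login_shells PASSWD_FILE SHELLS_FILE
audit_login_shells() {
    # "ok" holds non-interactive placeholders accepted here (an assumption).
    awk -F: -v shells="$2" -v ok="/usr/sbin/nologin /sbin/nologin /bin/false" '
        BEGIN {
            n = split(ok, a, " ")
            for (i = 1; i <= n; i++) allowed[a[i]] = 1
            # Load the shells list; skip comments and blank lines.
            while ((getline line < shells) > 0)
                if (line !~ /^#/ && line != "") allowed[line] = 1
        }
        /^#/ || NF < 7 { next }          # ignore comments and malformed records
        {
            # An empty seventh field means /bin/sh, per passwd(5).
            shell = ($7 == "") ? "/bin/sh" : $7
            if (!(shell in allowed)) print $1 ":" shell
        }
    ' "$1"
}

# Constructed sample data (not taken from a real system).
write_samples() {
    cat > "$1/shells" <<'EOF'
# valid login shells
/bin/sh
/bin/bash
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/usr/local/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash/
carol:x:1002:1002:Carol:/home/carol:
svc:x:1003:1003:Service:/srv/svc:/home/svc/bin/sh
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_login_shells "$tmp/passwd" "$tmp/shells"
rm -rf "$tmp"
```

On a live system the call would be `audit_login_shells /etc/passwd /etc/shells`; accounts served from NIS or LDAP are not in the local file and need a separate check.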

On most systems, when chsh is invoked without the -s command-line option (to specify the name of the shell), it prompts the user to select one. On Mac OS X, if invoked without the -s option, chsh displays a text file in the default editor (initially set to vim), allowing the user to change all of the features of their user account that they are permitted to change; the pathname of the shell is the value next to "Shell:". When the user quits vim, the changes made there are transferred to the /etc/passwd file, which only root can change directly. [2] [4]

Using the -s option (for example: % chsh -s /usr/local/bin/bash) greatly simplifies the task of changing shells.

Depending on the system, chsh may or may not prompt the user for a password before changing the shell, or entering interactive mode. On some systems, use of chsh by non-root users is disabled entirely by the sysadmin. [4]

On many Linux distributions, the chsh command is a PAM-aware application. As such, its behaviour can be tailored, using PAM configuration options, for individual users. For example, an auth directive that specifies the pam_listfile.so module can be used to deny chsh access to individual users, by specifying a file of the usernames to deny access to with the listfile= option to that module (along with the sense=deny option). [5]

Portability

POSIX does not describe utilities such as chsh, which are used for modifying the user's entry in /etc/passwd. Most Unix-like systems provide chsh. [6] SVr4-based systems provided a similar capability with passwd. Two of the three remaining systems (IBM AIX [7] and HP-UX [8]) provide chsh in addition to passwd -e. The exception is Solaris, where non-administrators are unable to change their shell unless a network name server such as NIS or NIS+ is installed. [9] [10] The obsolete [11] SGI SVr4 system IRIX64 also lacked chsh.

References

  1. Cameron Newham and Bill Rosenblatt (2005). Learning the Bash Shell: Unix Shell Programming. O'Reilly. p. 272. ISBN 0596009658.
  2. Mark G. Sobell and Peter Seebach (2005). A Practical Guide To Unix For Mac Os X Users. Prentice Hall PTR. p. 448. ISBN 0131863339.
  3. Æleen Frisch (2002). Essential System Administration. O'Reilly. p. 238. ISBN 0596003439.
  4. Deborah S. Ray and Eric J. Ray (1998). Unix. Peachpit Press. p. 47. ISBN 0201353954.
  5. Scott Mann and Ellen L. Mitchell (2000). Linux System Security: The Administrator's Guide to Open Source Security Tools. Prentice Hall PTR. pp. 101–102. ISBN 0130158070.
  6. Nelson Beebe (August 11, 2005). "chsh command availability".
  7. "IBM Knowledge Center chsh command". IBM. Retrieved January 24, 2015.
  8. "chsh(1)". Hewlett Packard. Archived from the original on January 28, 2015. Retrieved January 24, 2015.
  9. Peter Smulder (March 12, 2000). "chsh on Solaris". LinuxForum.
  10. Henry van Cleef (February 4, 2005). "User chsh shell change function needed for Solaris". LinuxForum.
  11. "SGI - Services & Support: SGI Support of MIPS IRIX Products Continues to December 2013". Archived from the original on July 6, 2009. Retrieved January 24, 2015.
