I have Active Directory users with no local accounts, so they cannot use chsh. They can log in to multiple different types of server and most of the time /bin/bash is the correct shell, or at least for most users their preferred shell is available on most servers.
However, there are a couple of exceptional cases. For example, most Macs have custom/recent shells installed via Homebrew. They should e.g. keep /bin/bash being the system shell (no symlink cheating!) but have a more recent Bash installed via Homebrew at /usr/local/bin/bash. The fact that this is not present on the majority of servers would seem to prevent using the AD property to change the global default shell.
Is it possible to specify the shell that sshd launches for such an account on a specific machine (regardless of login/interactive status)? The exceptional cases tend to be small in number and so far only occur on development machines that are within the control of the users who desire customisation. Alternatively, are there other AD properties that can be used to provide more granularity (e.g. specify /usr/local/bin/bash and have fallback behaviour to another property on servers which lack this path)?