Posted on 02-27-2024 12:33 AM
Wondering if there is a way to change the default shell for all users?
I see that a user can themselves type
chsh -s shellname
e.g. csh -s zsh
but they have to authenticate. I could run a script at login, once, but not sure how to tackle the need to provide their password.
Also, I'd like to change the system so that new users have the newer shell (zsh)
Solved! Go to Solution.
Posted on 02-27-2024 04:09 AM
This will change the above directory binding.
/usr/sbin/dsconfigad -shell /bin/zsh
Posted on 02-27-2024 11:56 AM
This seemed to work for existing users:
dscl . -create /Users/𝘴𝘩𝘰𝘳𝘵𝘶𝘴𝘦𝘳𝘯𝘢𝘮𝘦 UserShell /bin/zsh
Posted on 03-20-2024 12:52 AM
So it turns out that Active Directory has a user attribute called loginshell. That attribute overwrites the one in Directory Utility. I ended up just making a login script that runs once per user per machine
#!/bin/bash
# ChangeDefaultShellForUser.bash
# Set this to run once per user at login on the target machine
# Doing it this way because the AD user attribute loginshell is overiding our domain binding settings
# Intended for computer labs
# 2024-03-20 David London
# In a jamf policy would enter /bin/zsh for the $4 parameter
NewShell=$4
currentUser=$(stat -f%Su /dev/console)
echo "Current default shell for $currentUser:"
/usr/bin/dscl . -read "/Users/$currentUser" UserShell
echo
/usr/bin/dscl . -create "/Users/$currentUser" UserShell "$NewShell"
echo "New default shell for $currentUser:"
/usr/bin/dscl . -read "/Users/$currentUser" UserShell
exit 0
Posted on 02-27-2024 03:26 AM
I think this is what I need to edit on the existing AD binding on a machine
I can change the settings in Jamf for future binding. Just not sure where this lives on the local machine
Posted on 02-27-2024 04:09 AM
This will change the above directory binding.
/usr/sbin/dsconfigad -shell /bin/zsh
Posted on 02-27-2024 11:56 AM
This seemed to work for existing users:
dscl . -create /Users/𝘴𝘩𝘰𝘳𝘵𝘶𝘴𝘦𝘳𝘯𝘢𝘮𝘦 UserShell /bin/zsh
Posted on 02-27-2024 09:29 PM
Thanks @joshuasee - appreciate the help :)
Posted on 03-20-2024 12:52 AM
So it turns out that Active Directory has a user attribute called loginshell. That attribute overwrites the one in Directory Utility. I ended up just making a login script that runs once per user per machine
#!/bin/bash
# ChangeDefaultShellForUser.bash
# Set this to run once per user at login on the target machine
# Doing it this way because the AD user attribute loginshell is overiding our domain binding settings
# Intended for computer labs
# 2024-03-20 David London
# In a jamf policy would enter /bin/zsh for the $4 parameter
NewShell=$4
currentUser=$(stat -f%Su /dev/console)
echo "Current default shell for $currentUser:"
/usr/bin/dscl . -read "/Users/$currentUser" UserShell
echo
/usr/bin/dscl . -create "/Users/$currentUser" UserShell "$NewShell"
echo "New default shell for $currentUser:"
/usr/bin/dscl . -read "/Users/$currentUser" UserShell
exit 0