Open m2Giles opened 3 days ago
+1 to the removal of this. The less footguns we have for users, the better.
+1
+1, more background: https://tim.siosm.fr/blog/2023/12/22/dont-change-defaut-login-shell/
What are we thinking implementation wise? (List of steps and which repos?)
+1 it's a suid root executable, so removing it would be good for security as well :smile:
+1, documentation on alternatives would be great. I didn't know of these problems and have changed my shell with ujust chsh
.
Maybe we leave a chsh stub that links to timothee's blog post?
The big thing is for a user that expects to change their shell it should tell them the better way to do it.
Also, we can simplify a lot of the logic in shell configuration by just putting the integrations on all of them.
We also need to make sure we remove any convenience chsh stuff since it's just a possible footgun for a user.
For ptyxis we could add profiles for zsh/fish much like we do for quadlet integration
Changing your login shell can cause a number of issues on atomic images. The biggest one is that you will break your user account if you rebase to an image that doesn't have the shell.
There also have been issues with users unable and to login after changing their shell from time to time.
The proposal is to remove the chsh binary from main images.
Most modern terminal emulators let you run a custom command instead of your default shell.
There are downstream effects requiring us to change just scripts that expect to determine shell based on $SHELL variable and ones that changed the default shell