Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-5940: Placed into emergency shell when logging in

12 April,16 at 11:44 AM

Applies to:

Centrify DirectControl 5.2.2 and later on all platforms


When logging in with a specific shell (eg. /bin/csh), the user is placed into a DirectAudit emergency shell with the following message returned:

DirectAudit was run as -centrifyda and determined that the real executable to run is /bin/csh, however /bin/cdax/csh does not seem to exist, or the current user does not have appropriate execute permissions to start it. DirectAudit will now provide an emergency prompt. Please use this prompt to either replace /bin/csh with a known good shell binary (for instance: from media, backups or network), modify the execute permissions on /bin/csh, or to manually disable auditing. Note that as auditing for -centrifyda is currently broken, it is recommended that you avoid execution of any scripts which are interpreted by -centrifyda. 

DirectAudit tries to maintain a backup copy of the default system shell, while this shell is not currently available, you may be able to mount the appropriate filesystem to retrieve and use that copy in recovery operations. Copies are kept in the following locations: /usr/share/centrifydc/bin/ and /etc/centrifyda/ 

Type 'exit' to exit 
<DirectAudit Emergency Prompt>#


In the scenario above, the user is attempting to login with /bin/csh as their current shell. As far as DirectAudit is concerned, this shell does not exist. In order to successfully audit a shell, our auditing wrapper for the shell must be present. These wrappers are housed in /bin/cdax/ (ie. /bin/cdax/csh). These wrappers are generated when auditing is enabled (dacontrol -e) from the shells currently available to the system, as defined within /etc/shells.


If you encounter this issue, it can be remedied via the following steps:

(1) Ensure the shell exists on the system as an installed shell.

(2) Ensure the shell is listed within /etc/shells (or equivilent)

(3) Disable and re-enable auditing to refresh the auditing wrappers for available shells:

dacontrol -d; dacontrol -e