Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-9896: Missing shell for Solaris 11.x /etc/shells file

Auditing and Monitoring Service ,  

12 February,18 at 12:18 PM

Applies to: All version of Centrify DirectAudit

On Solaris 11.x or above, there is a shell called pfbash located in /bin, if users set this shell as their default shell, they will fall into emergency shell during login as this shell is not listed in /etc/shells.
Solaris does not have /etc/shells by default and it is generated by Centrify.
Centrify Direct Audit calls the OS function getusershell() if it exists. In most cases, it just returns the entries in /etc/shells.

However, note the following special implementation of getusershell() in Solaris:

If /etc/shells does not exist, the following locations of the standard system shells are used in its place:

/bin/bash /bin/csh
/bin/jsh /bin/ksh
/bin/pfcsh /bin/pfksh
/bin/pfsh /bin/sh
/bin/tcsh /bin/zsh
/sbin/jsh /sbin/pfsh
/sbin/sh /usr/bin/bash
/usr/bin/csh /usr/bin/jsh
/usr/bin/ksh /usr/bin/pfcsh
/usr/bin/pfksh /usr/bin/pfsh
/usr/bin/sh /usr/bin/tcsh
/usr/bin/zsh /usr/sfw/bin/zsh

Centrify DirectAudit checks if the file returned from the function exists or not, pfbash is NOT in this list and therefore, /etc/shell will not include this shell for auditing.

  1. Disable audit by running: dacontrol -d
  2. Manually append the /bin/pfbash into /etc/shells file
  3. Enable audit by running:  dacontrol -e
  4. Once done, check if /bin/cdax/pfbash is created
  5. If so, try login as the affected user again