Why does chsh not work?

smn · May 26, 2020, 2:34pm

I am trying to switch my shell.
I ran nix-env -i fish and I can now launch it with fish and which fish tells me it is at /home/user/.nix-profile/bin/fish.

However, chsh does not work.
This is what I get:

[user@nixos:~]$ chsh
Password:
Changing the login shell for user
Enter the new value, or press ENTER for the default
        Login Shell [/run/current-system/sw/bin/bash]: /home/user/.nix-profile/bin/fish
chsh: /home/user/.nix-profile/bin/fish is an invalid shell

Anybody know what’s going on?

NB: It seems I am doing this wrong anyway but I would still like to know.

dalto · May 26, 2020, 2:39pm

Generally speaking, chsh only accepts shells listed in /etc/shells

That being said, I would definitely make that change declaratively on nixos.

smn · May 26, 2020, 3:30pm

Hm…so I cannot actually change to a shell that I have installed? And this is a general problem and not just NixOS? Seems a bit stupid but ok.

dalto · May 26, 2020, 3:42pm

Yeah, that is how chsh works. In the general case, you could simply use a different command like usermod or edit /etc/passwd directly.

In the nixos case, I would strongly recommend configuring your shell declaratively in configuration.nix.

takeda · May 28, 2020, 6:29am

@smn the /etc/shells is like that on all unix systems as far as I know. It is meant for safety, so you won’t change to a shell that doesn’t work and lock yourself out (maybe it is also a security feature, although I don’t see how that could be exploited). In most linuxes whenever you install a new shell the package automatically adds the shell there, that’s why you might have not noticed it.

smn · May 28, 2020, 8:52am

This prompts the question: how could a user install such a shell and switch to it if he is not allowed to edit configuration.nix? Or maybe in general, how usable is NixOS without root rights?

dalto · May 28, 2020, 12:01pm

Wouldn’t you have this problem on any Linux system?

That being said, you don’t have to change your default shell to use a shell. If there was a requirement that a user needed access to arbitrary shells not installed system-wide, they could always exec /path/to/shell. If they wanted it to be automatic they could put it in their .bashrc or similar.

smn · May 28, 2020, 5:43pm

You’re of course technically correct but I guess on another system users might have sudo rights for apt or something like that to install software. Not that this would make a lot of sense from a privilege separation point of view but at least then they could install a shell and switch it to it.

No, I think, disregard all of that. I agree that without root rights it cannot be done on any linux.
But of course this could have been a great advantage of NixOS!

takeda · May 28, 2020, 6:53pm

The chsh command is stateful command, not matching Nix philosophy. Since if you change shell that way it will change state that was generated by configuration.nix. On unix the shell is configured in /etc/passwd and in order for chsh to be able to changed it it needs to be SUID (i.e. act as root user). With nix ability to install own version and easily patching it, that’s a big no-no in terms of security.