I am trying to change my shell with chsh but I am getting an error

Question

I can't change my bash shell to fish with chsh, because it asks for a password, which isn't my root password, and after I type something in I get this: chsh: PAM: Authentication failure

This is my /etc/pam.d/chsh configuration file:

#
# The PAM configuration file for the Shadow `chsh' service
#
This will not allow a user to change their shell unless
their current one is listed in /etc/shells. This keeps
accounts with special shells from changing them.
auth            sufficent       pam_shells.so
This allows root to change user shell without being
prompted for a password
auth            sufficent       pam_rootok.so
The standard Unix authentication modules, used with
NIS (man nsswitch) as well as normal /etc/passwd and
/etc/shadow entries.
@include common-auth
@include common-account
@include common-session

My /etc/shells file contains /bin/fish and /usr/bin/fish too and it still asks for a password. I also know my sudo password, but after I type it in, it asks for another one, that I don't know. Like this:

gergo@odin:~$ sudo chsh -s /usr/bin/fish
[sudo] password for gergo:  
Password:
chsh: PAM: Authentication failure 

Please if anyone can think of something tell me.

Answer 1

In /etc/pam.d/chsh, you need to change:

auth            sufficent       pam_shells.so

to:

auth            required       pam_shells.so

And change:

auth            sufficent       pam_rootok.so

to:

auth            sufficient       pam_rootok.so

And then, change your own shell without sudo, like so:

chsh -s /bin/fish

---

Brief explaination:

sufficent is not a valid PAM modules control flag and has to be corrected to sufficient and furthermore, you don't want it in the first module as it will disable further proper user authentication(e.g. asking for password) when returning success to the application immediately and preventing further stack processing, so use required instead ... Also using sudo chsh -s /usr/bin/fish without specifying a user like sudo chsh -s /usr/bin/fish username will change root's login shell and not yours and you don't need sudo for changing your own login shell, so don't use it.