简单的设置仍然是安全的：

>添加/etc/pam.d/chsh的顶部：

# This allows users of group chsh to change their shells without a password.
#
# Per: http://serverfault.com/questions/202468/changing-the-shell-using-chsh-via-the-command-line-in-a-script
#
auth       sufficient   pam_wheel.so trust group=chsh

>创建chsh组：

groupadd chsh

对于任何允许更改其shell的用户：

usermod -a -G chsh username

钱拍：

user@host:~$getent passwd $USER
user:x:1000:1001::/home/user:/bin/bash
user@host:~$chsh -s `which zsh`
user@host:~$getent passwd $USER
user:x:1000:1001::/home/user:/usr/bin/zsh
user@host:~$