How can I get a secure system-wide oh-my-zsh configuration?

by

Unless I’m misunderstanding the marked answer from Caleb is just the normal per-user installation steps with adding a .zshrc file to the skel dir and changing the default new-user shell, but it doesn’t actually work or really answer the question because each user still requires the oh-my-zsh dir/would still require each user to clone the oh-my-zsh dir into their own folder meaning it’s not really installed system wide, it just automatically gives them a zshrc file and changes the default shell to zsh, but without oh-my-zsh in each user folder it will error out.

From what I understand of the question it’s asking how to install oh-my-zsh system-wide aka have it installed in ONE place and not require manually messing around on each new user/having a git clone of oh-my-zsh on each user dir. Assuming that’s the case, here’s what I did based off Arch Linux’s AUR Package I normally use but was looking for the same on a centos server, however this can be done on any distro. Credit goes to MarcinWieczorek and the other maintainers, I just adapted the below so can do the same on non-arch distros.

If you already have oh-my-zsh installed on root just skip to Step 3. This isn’t distro specific just uses the AUR Patch File for zshrc

Step #1

Install zsh of course

Step #2

Install oh-my-zsh as root as normal (shows wget method, see Calebs answer for alternative)

sh -c "$(wget https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh -O -)"

Step #3

Move the install to /usr/share so is system-wide

#Copy zsh files to /usr/share for all uer access 
mv /root/.oh-my-zsh /usr/share/oh-my-zsh
# Move into the dir and copy the zshrc template to zshrc (which will be the default for users)
cd /usr/share/oh-my-zsh/
cp templates/zshrc.zsh-template zshrc
# Nab the patch file from MarcinWieczorek's AUR Package and apply to the zshrc file
wget https://aur.archlinux.org/cgit/aur.git/plain/0001-zshrc.patch\?h\=oh-my-zsh-git -O zshrc.patch && patch -p1 < zshrc.patch

Now oh-my-zsh is installed globally and the user just needs that zshrc file. so NOW is where Caleb’s answer comes in though just do the below as /etc/adduser.conf is only on debian whereas the below should be distro independent.

Step #4

Set it up to be the default on new users

# Create hard link to the zshrc file so it creates an actual independent copy on new users
sudo ln /usr/share/oh-my-zsh/zshrc /etc/skel/.zshrc
# Set default shell to zsh
sudo adduser -D -s /bin/zsh

Now that’s a true installation of oh-my-zsh with all new users automatically having it applied with the /usr/share/oh-my-zsh/zshrc settings and no other steps needed.

Misc Notes

  • For any pre-existing users with oh-my-zsh:

    cp /usr/share/oh-my-zsh/zshrc ~/.zshrc
  • You can set new user OMZ defaults in /usr/share/oh-my-zsh/zshrc
  • Auto Updates are disabled since new users do not have permissions to update the /usr/share/oh-my-zsh files
    • To update oh-my-zsh just cd to /usr/share/oh-my-zsh/ and run ‘sudo git pull’
  • The oh-my-zsh cache will be handled per-user within each user dir under ~/.oh-my-zsh-cache/ (automatically created)

Leave a Comment

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)