There are 3 different types of overrides:
The override has been designed to apply only one of those. When a wildcard is specified in the user-override file as well as individual entries for specific users the override specified with the wildcard will apply to all users execpt for users who also have overrides that apply specifically to them.
For example if you have the following users:
$ /opt/quest/bin/vastool list users
And the following user-overide:
Then with the override applied you will have the following:
$ /opt/quest/bin/vastool list -o users
Note that the default shell for user2 has not been changed.
This is the intended behaviour for the user-override and group-override file. Instead of attempting to guess which override is intended to take priority the general override is always ignored for users or groups who also have an override specific to them.
This can be worked around by including the override intended for all users or groups in each of the overrides specified. In the previous example changing the user-override file to look like this:
Would give the expected results.
The only option to have a user in more than one is when using user-override-by-group-apply-all, this allows multiple by groups overrides to be set. Note, this option excludes the wildcard option, which will not apply to users/groups who already have overrides applying.
user-override-by-group-apply-all = <boolean>
Default value: false
When applying user-by-group overrides, only the first entry found will be applied by
default. If this option is set to true, then it will apply all by-group entries, with
the latter overwriting earlier changes to the same attribute.
user-override-by-group-apply-all = true