Date: Tue, 30 Jun 2020 16:04:43 +0200
From: Polytropon <freebsd@edvax.de>
To: freebsd-questions@freebsd.org
Cc: Donald Wilde <dwilde1@gmail.com>, "D'Arcy Cain" <darcy@druid.net>
Subject: Re: Shell
Message-ID: <20200630160443.7dc3d086.freebsd@edvax.de>
In-Reply-To: <CAEC73922LQ%2BqVMcKoSqNWCiDmo62pwktSX_-Afv=cu5aNN=BeQ@mail.gmail.com>
References: <CY4PR19MB010400AC4940C67421BFADE8F96E0@CY4PR19MB0104.namprd19.prod.outlook.com> <DB8PR06MB6442289C119C69BDF4303E72F66F0@DB8PR06MB6442.eurprd06.prod.outlook.com> <20200630104317.812dce86b2dc5ea5a42a1ee1@sohara.org> <a590654c-ffa2-3171-ce44-ae3f33214b14@hedeland.org> <20200630143913.e27eb3e3.freebsd@edvax.de> <CAEC73922LQ%2BqVMcKoSqNWCiDmo62pwktSX_-Afv=cu5aNN=BeQ@mail.gmail.com>

On Tue, 30 Jun 2020 06:33:44 -0700, Donald Wilde wrote:
> I would add only one suggestion here, and that would be to consider
> using bash-static and parking it in a place where it is available in
> the event of an excruciating mishap.

This is usually where the "toor" user is interesting: It is for
interactive use, but in the worst case, regular "root" will always
work as expected.

> The only concern with doing so is that doing so causes the (larger!)
> bash-static kernel to be used everywhere. If you have lots of regular
> users with console prompts, this could be painful.

You could "manually install" a statically-linked version of bash
into /bin, and make it root:wheel + chmod 4000 (setuid), so no
regular user can execute it; for them, make sure that the location
of bash, usually /usr/local/bin/bash, is reflected in a $PATH
where /usr/local/bin is before /bin (quite inelegant, but should
work).

> I haven't done this, but it should be possible to install both
> bash-static and bash. One would have to rename the first (bash-static)
> to something other than 'bash' and add that to the /etc/shells file,
> but after doing so also install the bash package with the
> non-monolithic binary 'bash' and use that as the shell for regular
> users.

That is an even better approach. :-)

On Tue, 30 Jun 2020 09:46:08 -0400, D'Arcy Cain wrote:
> I use bash for my user and root shell. To deal with mishaps I set my shell
> in passwd to sh and create a small .profile which mainly just has this line:
>
>     bash && exit 0
>
> That way if bash is fine I run it and immediately exit when it does. If
> bash is missing or can't run then the exit is skipped and I am in sh so that
> I can fix things.

This is a very convenient idea which only requires one little
configuration file change. However, entering "bash" and pressing
Enter at sh's # prompt after entering single-user mode would
work, too - in the worst case, you'll get an error message. :-)

Another coding for your idea would be:

    exec bash || /bin/sh

So the initial sh process continues as bash, but if it fails,
"returns" to sh (starts one).

Sidenote: I also tend to start a dialog shell out of sh in case
I need more than one command or slightly longer path or filename
to enter...

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
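
The sh-then-bash fallback discussed in this message, as an added example that is not part of the original e-mail or the thread: a ~/.profile fragment for an account whose passwd shell is /bin/sh, which probes each candidate shell before replacing itself with it. The function names are hypothetical, and /usr/local/bin/bash is assumed to be the package location mentioned above.

```shell
# Added example (not from the thread). Function names are hypothetical.

# usable_shell PATH
# Succeeds only if PATH is an executable regular file that can actually
# start and run a trivial command. This catches a missing binary as well
# as one that exists but cannot start (e.g. unresolved shared libraries).
usable_shell() {
    [ -f "$1" ] && [ -x "$1" ] || return 1
    "$1" -c 'exit 0' >/dev/null 2>&1
}

# pick_shell CANDIDATE...
# Prints the first usable candidate and returns 0. If none is usable,
# prints /bin/sh and returns 1 so the caller knows it is the fallback.
pick_shell() {
    for candidate in "$@"; do
        if usable_shell "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    printf '%s\n' /bin/sh
    return 1
}

# start_preferred_shell CANDIDATE...
# Replaces the current sh with the first usable candidate. If nothing is
# usable it returns quietly, leaving the user at the sh prompt to repair
# the system.
start_preferred_shell() {
    shell=$(pick_shell "$@") || return 0
    exec "$shell"
}

# Last line of ~/.profile (assumed path; a renamed static bash could be
# listed as a second candidate):
#   start_preferred_shell /usr/local/bin/bash
```

Because the probe runs before exec, a broken bash costs one failed start-up attempt and the login still ends at a working prompt.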