Date: Thu, 10 Nov 2005 15:44:44 +0100 (CET) From: Oliver Fromme <olli@lurza.secnetix.de> To: freebsd-stable@FreeBSD.ORG Subject: Re: upgrading 5.4 -> 6.0 without reinstalling. safe ? Message-ID: <200511101444.jAAEii8H010916@lurza.secnetix.de> In-Reply-To: <20051110142455.GA33797@pc5-179.lri.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
Marwan Burelle <Marwan.Burelle@lri.fr> wrote: > On Thu, Nov 10, 2005 at 02:13:26PM +0100, Oliver Fromme wrote: > > Under some circumstances it can also be useful to have > > an "emergency user" which is not dependant on anything > > outside the base system (i.e. doesn't use anything from > > /usr/local, doesn't have its home on an NFS volume, > > doesn't has its account information on NIS etc.). It > > should be a member of the wheel group so it can do "su". > > In the same idea, I never change root's shell I never change root's login shell either -- because it is never used. > I think also that root should have /rescue/*sh as shell (static > versions) just to be sure ... Well, I vote for /sbin/nologin as root's login shell. In single-user mode, the systems asks for the shell, with /bin/sh being the default. In multi-user mode, nobody should ever log in as root. You rather log in as normal user and then use "su -m", or use sudo(8) or super(1) or whatever. Therefore I think root's login shell has zero meaning, and it should be /sbin/nologin for security reasons (in case you accidentally enabled root login via ssh, or you have set the virtual terminals set to "secure" in /etc/ttys). Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things." -- Doug Gwyn
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200511101444.jAAEii8H010916>