Date: Thu, 16 Dec 2004 10:12:40 -0600 From: Paul Schmehl <pauls@utdallas.edu> To: freebsd-questions@FreeBSD.org Subject: Re: Why reccomend Bash shell? Message-ID: <0A2B2390CE654BA6B5F8E621@utd49554.utdallas.edu> In-Reply-To: <41C16D47.7030302@infracaninophile.co.uk> References: <005a01c4e31c$efc4d460$0200a8c0@PANASONIULSWMR> <41C16D47.7030302@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
--On Thursday, December 16, 2004 11:11:03 AM +0000 Matthew Seaman <m.seaman@infracaninophile.co.uk> wrote: > > On point that no one has mentioned on this list yet is that it is a good > idea to have root's shell be entirely contained on the root partition of > the system -- ie. not just the executable, but any shlibs it requires as > well. There's been a thread over on freebsd-ports@... about ppp(8) > apparently failing because of problems linking libintl -- which actually > turned out to be because root's shell had been changed to bash(1). > I'm curious to know why you would change root's shell to bash. You can change shells at the cli easily. What's one more command before you start working? > > On the other hand, I take the view that the less done by the super user > the better, and discourage myself to use sudo(1) preferentially and to > keep su(1) sessions as short as possible by making root's shell as > /unfriendly/ as possible. > Is this a religious argument? Or is there a sound security basis for it? I ask because I'm not sure I see the difference. I prefer to leave sudo set up to prompt for a password. This at least reminds you that what you're doing is "root's" work (and if you screw up, you could do "bad" things.) If I'm going to do a lot of work, I just su - to root, do the work and then get out. I don't allow remote root access, so I'm wondering - am I exposing my systems to some unnecessary risk? Or is this just a matter of personal preference? Paul Schmehl (pauls@utdallas.edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0A2B2390CE654BA6B5F8E621>