From owner-freebsd-questions Sun May 16 9:35:38 1999 Delivered-To: freebsd-questions@freebsd.org Received: from loviatar.webcom.com (loviatar.webcom.com [209.1.28.41]) by hub.freebsd.org (Postfix) with ESMTP id 7378F1500E for ; Sun, 16 May 1999 09:35:32 -0700 (PDT) (envelope-from graeme@echidna.com) Received: from kigal.webcom.com (kigal.webcom.com [209.1.28.57]) by loviatar.webcom.com (8.9.1/8.9.1) with SMTP id JAA11793; Sun, 16 May 1999 09:35:21 -0700 Received: from [204.143.69.30] by inanna.webcom.com (WebCom SMTP 1.2.1) with SMTP id 34088744; Sun May 16 09:31 PDT 1999 Message-Id: <373F1DEC.77D7@echidna.com> Date: Sun, 16 May 1999 12:35:08 -0700 From: Graeme Tait Organization: Echidna X-Mailer: Mozilla 2.02 (Win16; I) Mime-Version: 1.0 To: Studded , stuyman@confusion.net, freebsd-questions@freebsd.org Cc: info@boatbooks.com Subject: Re: [Fwd: Re: How to change the shell?] References: <373DAD1C.6FA8766F@gorean.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Studded wrote: > > Laurence Berland wrote: > > > > But it probably wouldnt be a bad thing if I were to copy TCSH into /bin > > and then not worry about Single user mode problems? > > Here's a good example of why you should always leave root's shell as one > of the system shells. I recently upgraded my system from 2.2.8 to 3.2-beta. > Everything went well, make upgrade completed with no errors, and the system > came right up when I rebooted. The problem occured when I tried to log in > as my unpriviliged user who uses Bash. The libraries that it compiled > against were no longer where Bash thought they should be, and Bash refused > to start. I had to login as root, recompile Bash, then I was good to go. If > I had been doing that upgrade remotely, I would have been SOL because I > don't allow root logins. > > Now, it is possible that you could think of ALL of the possible ways that > you could be affected by changing the root shell, etc., etc., blah blah. > However, several really smart people have told you now that it's a bad > idea. Every unix system administration book you will ever read will also > tell you it's a bad idea. At some point, you will realize, it's a bad idea. > Whether you realize it now, or realize it after you've shot yourself in the > foot a few times is up to you. As a relative newbie, I've been following this thread with interest, because I use two systems configured with bash as the default root shell, and haven't experienced any problems - plus is it a nice convenience. I also still haven't heard a convincing reason not to have bash as root default, given appropriate precautions. My sysadmin book ("Essential System Administration") doesn't tell me not to have bash as the root default - it just cautions me to make sure single user mode still works. It actually implies changing the default root shell is normal enough. It's not an issue for single user mode - FreeBSD asks you what shell you want, and you can always take the default sh. In fact, you couldn't select bash at this point if it's in a separate /usr filesystem. I rather like being in sh in this case, as I reminds me I'm in single user mode, but if I get tired of not having the bash features, I can always mount /usr and switch to bash (or I assume I could have a [statically-linked?] version in the root filesystem). The problem of losing bash is not something I'd considered, but with local logins, you can always start in single user mode with sh even if bash is the root default. For remote logins, you could have user toor default to sh, and define a password for toor. So you can always su to toor. Plus you could define an unprivileged user (but in group wheel), with sh as default shell, so remote logins would still be possible in this case. I assume you'd need to do the latter anyway if you are running remotely and fear losing bash. But I must say that I would not attempt to make an upgrade from 2.8 to 3.2-beta on a remote machine, without trying it locally first, and/or without having remote console access to the machine! -- Graeme Tait - Echidna To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message