From owner-freebsd-questions@FreeBSD.ORG Tue Oct 30 17:06:26 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E6F6F16A473 for ; Tue, 30 Oct 2007 17:06:26 +0000 (UTC) (envelope-from rsmith@xs4all.nl) Received: from smtp-vbr2.xs4all.nl (smtp-vbr2.xs4all.nl [194.109.24.22]) by mx1.freebsd.org (Postfix) with ESMTP id 62BE513C4B8 for ; Tue, 30 Oct 2007 17:06:25 +0000 (UTC) (envelope-from rsmith@xs4all.nl) Received: from slackbox.xs4all.nl (slackbox.xs4all.nl [213.84.242.160]) by smtp-vbr2.xs4all.nl (8.13.8/8.13.8) with ESMTP id l9UH6Drn010495; Tue, 30 Oct 2007 18:06:13 +0100 (CET) (envelope-from rsmith@xs4all.nl) Received: by slackbox.xs4all.nl (Postfix, from userid 1001) id 70413B82D; Tue, 30 Oct 2007 18:06:13 +0100 (CET) Date: Tue, 30 Oct 2007 18:06:13 +0100 From: Roland Smith To: Stephen Allen Message-ID: <20071030170613.GC54116@slackbox.xs4all.nl> Mail-Followup-To: Stephen Allen , FreeBSD Questions References: <472647A0.3030009@brookes.ac.uk> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="NKoe5XOeduwbEQHU" Content-Disposition: inline In-Reply-To: <472647A0.3030009@brookes.ac.uk> X-GPG-Fingerprint: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 X-GPG-Key: http://www.xs4all.nl/~rsmith/pubkey.txt X-GPG-Notice: If this message is not signed, don't assume I sent it! User-Agent: Mutt/1.5.16 (2007-06-09) X-Virus-Scanned: by XS4ALL Virus Scanner Cc: FreeBSD Questions Subject: Re: Dangers of using a non-base shell X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Oct 2007 17:06:27 -0000 --NKoe5XOeduwbEQHU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Oct 29, 2007 at 08:50:40PM +0000, Stephen Allen wrote: > It's been drawn to my attention not to use bash from the ports collection= ,=20 > because if one of it's dependencies (gettext or libiconv) fails or is=20 > updated significantly, it could break, and prevent login. The suggested= =20 > solution was to use a base shell (such as sh) and append 'bash -l' to .sh= rc=20 > to automatically enter bash. This is only a problem for root. If you want to use bash as root you should compile it statically. See below. > Would it be a better idea to use the pre-compiled binary for bash? And i= f=20 > I did so, could I be alerted to updates as easy as using 'pkg_version -v'= =20 > when checking if any ports need updating? You can define WITH_STATIC_BASH when you're building bash, so the binary is self-contained. But if you're starting in single user mode, only / will be mounted. So if you have /usr or /usr/local on a separate partition, you'd be screwed. That is why root should only use a shell that's in the / partition. Roland --=20 R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) --NKoe5XOeduwbEQHU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFHJ2SFEnfvsMMhpyURAmy9AJ9V+Trh9WndL02Ldb1Uc5t3O2X2yQCfdS1p wB9RNBeldVkhNnkrFut5ptA= =rLm0 -----END PGP SIGNATURE----- --NKoe5XOeduwbEQHU--