From: Donald Wilde
Date: Tue, 30 Jun 2020 07:58:31 -0700
Subject: Re: Shell
To: Polytropon
Cc: freebsd-questions

On 6/30/20, Polytropon wrote:
> On Tue, 30 Jun 2020 06:33:44 -0700, Donald Wilde wrote:
>> I would add only one suggestion here, and that would be to consider
>> using bash-static and parking it in a place where it is available in
>> the event of an excruciating mishap.
>
> This is usually where the "toor" user is interesting: It is
> for interactive use, but in worst case, regular "root" will
> always work as expected.

Yes, exactly. As one of my model train heroes once said, "In the event
of excruciating pain..." and the sign on his layout pointed to a
largish hammer. :)

>> The only concern with doing so is that doing so causes the (larger!)
>> bash-static kernel to be used everywhere. If you have lots of regular
>> users with console prompts, this could be painful.
> [snip]
>> I haven't done this, but it should be possible to install both
>> bash-static and bash. One would have to rename the first (bash-static)
>> to something other than 'bash' and add that to the /etc/shells file,
>> but after doing so also install the bash package with the
>> non-monolithic binary 'bash' and use that as the shell for regular
>> users.
>
> That is an even better approach. :-)

Excellent. Glad you think so, Polytropon!

For completeness, one would also want to alter the /etc/group file for
the toor user, since it does not appear to be automatically created
any more, at least in my 12-STABLE system.

Since the 'mailing list etiquette' answer has already been written as
an Article on FreeBSD.org, and far better than I could do it (!!!), I
will apply myself to testing this process and writing an Article
describing this and submit it for comment and posting.

This way, our community has the benefit of the active development of
BASH by the GPL guys and also supporting the folks like me who are
surprised by TCSH behavior. I believe it has value beyond just me,
although it's pretty complex to add as a section in the Handbook. :D

-- 
Don Wilde
****************************************************
* What is the Internet of Things but a system      *
* of systems including humans?                     *
****************************************************
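
The message's step of adding the renamed static binary to /etc/shells is easy to miss, so the following added example (not part of the original message) audits every UID-0 account in a passwd(5)-format file and flags a login shell that is not listed in the shells file or is not an executable file. The name `bash-rescue` for the renamed binary and the sample tree are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Reports every UID-0 account in a
# passwd(5)-format file whose login shell is not listed in the shells file
# or is not an executable file.
# Usage: audit_root_shells PASSWD_FILE SHELLS_FILE [ROOT_PREFIX]
# Prints "<user> <shell> <status>"; returns 1 if any status is not "ok".
audit_root_shells() {
    passwd_file=$1 shells_file=$2 prefix=${3:-}
    rc=0
    # Fields: name:password:uid:gid:gecos:home:shell
    while IFS=: read -r name _pw uid _gid _gecos _home shell; do
        case $name in ''|'#'*) continue ;; esac
        [ "$uid" = 0 ] || continue
        shell=${shell:-/bin/sh}          # empty field means /bin/sh
        if ! grep -qxF -- "$shell" "$shells_file"; then
            status=not-in-shells
        elif [ ! -f "$prefix$shell" ] || [ ! -x "$prefix$shell" ]; then
            status=not-executable
        else
            status=ok
        fi
        [ "$status" = ok ] || rc=1
        printf '%s %s %s\n' "$name" "$shell" "$status"
    done < "$passwd_file"
    return "$rc"
}

# Constructed sample tree; /usr/local/bin/bash-rescue is a hypothetical
# name for the renamed static binary.
make_sample() {
    mkdir -p "$1/bin" "$1/usr/local/bin" "$1/etc"
    for s in bin/sh bin/csh usr/local/bin/bash usr/local/bin/bash-rescue; do
        : > "$1/$s" && chmod 755 "$1/$s"
    done
    printf '%s\n' 'root:*:0:0:Charlie &:/root:/bin/csh' \
        'toor:*:0:0:Bourne-again Superuser:/root:/usr/local/bin/bash-rescue' \
        'don:*:1001:1001:Don:/home/don:/usr/local/bin/bash' > "$1/etc/passwd"
    printf '%s\n' /bin/sh /bin/csh /usr/local/bin/bash > "$1/etc/shells"
}

sample=$(mktemp -d)
make_sample "$sample"
audit_root_shells "$sample/etc/passwd" "$sample/etc/shells" "$sample" ||
    echo "fix the accounts flagged above"
rm -rf "$sample"
```

On a live system the call would be `audit_root_shells /etc/passwd /etc/shells` with no prefix.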