From owner-freebsd-questions@freebsd.org Tue Jun 30 15:18:51 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 93F3534DC3C for ; Tue, 30 Jun 2020 15:18:51 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.130]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mout.kundenserver.de", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49x7L22P47z4WxS for ; Tue, 30 Jun 2020 15:18:50 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r56.edvax.de ([178.5.93.47]) by mrelayeu.kundenserver.de (mreue011 [212.227.15.167]) with ESMTPA (Nemesis) id 1MKsSj-1jXFZy3c7R-00LIbW; Tue, 30 Jun 2020 17:18:48 +0200 Date: Tue, 30 Jun 2020 17:18:47 +0200 From: Polytropon To: dwilde1@gmail.com Cc: freebsd-questions Subject: Re: Shell Message-Id: <20200630171847.45d831d6.freebsd@edvax.de> In-Reply-To: References: <20200630104317.812dce86b2dc5ea5a42a1ee1@sohara.org> <20200630143913.e27eb3e3.freebsd@edvax.de> <20200630160443.7dc3d086.freebsd@edvax.de> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:FLJjydiHb6c5T8uLhBE1SSwAYG29QnwzHEHVzuv3ogfgQHnLriN eKAd3jTBvBgZ9Z04ftYy3QrntCSKPhLSbyDYeB1zunfZKgfzI12Ad5SK/M1YxClhSfhxxBe Vbvs77wlNRSWxqLtnmstf5QvcqahD3eATu5SbUDqTSTkW/CluIPAXhSCrsQpBZscUJ4lpKq Xz931dFTHGCO4fiAFL55Q== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:ason8iEwoDw=:ONki+/Pz6ZP+lWJ+olisPm w9ISXnZgESSLuIEv2E6OA8MygDExz0fng8bg4MTZTiUm7KJomxp+IDk40+dGKqNH5NSeJqGiO d1A0k0PVLwHgXCzSi8rRUKRxghsgmHR93d8kljBThQQNKrgXCDZCMVX7F9b3KGcEArQKkraqT YyD2sXU4EzVL+WpUngs+HqKqrMEgwuj/ZjO/62VFPwV7v1tor03wOADW5eFY4kwpp0tacEFIe 4BrCXEPfgsLAG+izZviL7JIL6C0/34wrP4gJmgFNcAME6JDHriC4KrOUs1o+bS6acosL33/TV uh924J0ldlE+S7izS2RpKrmYMIkzlRQu7AEBWBfUrxvVPxRWYaViWKVm/rAba1TQG1emNxd5g MM1VaLvxMgTXT7I4NES48PkwvSXosnIpBDp3ywAPCoZpH71bHv72GI7+ztUpIj9GEisCHEYny NdCsaZlVMH2LF9X4GzBJ7CrKWJKrnjV+UdH5A7HpPRdBYxrj6iYhYVmyVGB9AjX53B6LneKB2 Sltk9Yu/fGgks+q+nBSissky1qm5sY7qBfWAmeD8wZvtrwIaSj90pF9lQTr45GcYFdjIUgAdA kXn9cczvjYAUC453WxIUxGYbOx0RnJ8YvqmC65X8t8MOYEVCMRlYI78aet+kSyJKhVmTF5xy2 7cH5fpNL84S5kXp101BPT8gZlxhLKHwgneHympjeGEB7RBtqkUwe281ZXb8cvILDgtadEeRFD KW0BjJTFk8s8q9aSfRfvQ4AEPx1bCt3YcsKRXh+iflwBdmUAn0Z8yEAFMozGwjR7tG2sC0Auv Ujo1tioVqDrOOsZTzVuNKGUZj5zzCX5l5bTSrFlWBBcBHc1GuI= X-Rspamd-Queue-Id: 49x7L22P47z4WxS X-Spamd-Bar: ++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd@edvax.de has no SPF policy when checking 212.227.126.130) smtp.mailfrom=freebsd@edvax.de X-Spamd-Result: default: False [2.12 / 15.00]; HAS_REPLYTO(0.00)[freebsd@edvax.de]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; HAS_ORG_HEADER(0.00)[]; NEURAL_HAM_SHORT(-0.31)[-0.311]; RCPT_COUNT_TWO(0.00)[2]; FREEMAIL_TO(0.00)[gmail.com]; RECEIVED_SPAMHAUS_PBL(0.00)[178.5.93.47:received]; RCVD_TLS_LAST(0.00)[]; R_DKIM_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.47)[-0.465]; REPLYTO_EQ_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[edvax.de]; AUTH_NA(1.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(0.49)[0.495]; MID_CONTAINS_FROM(1.00)[]; RCVD_IN_DNSWL_NONE(0.00)[212.227.126.130:from]; R_SPF_NA(0.00)[no SPF record]; RWL_MAILSPIKE_POSSIBLE(0.00)[212.227.126.130:from]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Jun 2020 15:18:51 -0000 On Tue, 30 Jun 2020 07:58:31 -0700, Donald Wilde wrote: > On 6/30/20, Polytropon wrote: > > On Tue, 30 Jun 2020 06:33:44 -0700, Donald Wilde wrote: > >> I would add only one suggestion here, and that would be to consider > >> using bash-static and parking it in a place where it is available in > >> the event of an excruciating mishap. > > > > This is usually where the "toor" user is interesting: It is > > for interactive use, but in worst case, regular "root" will > > always work as expected. > > Yes, exactly. As one of my model train heroes once said, "In the event > of excruciating pain..." and the sign on his layout pointed to a > largish hammer. :) In case of emergency, break glass. And then? No and then! :-) > [...] > >> I haven't done this, but it should be possible to install both > >> bash-static and bash. One would have to rename the first (bash-static) > >> to something other than 'bash' and add that to the /etc/shells file, > >> but after doing so also install the bash package with the > >> non-monolithic binary 'bash' and use that as the shell for regular > >> users. > > > > That is an even better approach. :-) > > Excellent. Glad you think so, Polytropon! > > For completeness, one would also want to alter the /etc/group file for > the toor user, since it does not appear to be automatically created > any more, at least in my 12-STABLE system. Yes, while toor is in /etc/passwd, it's not in /etc/group. Probably it never was, so that's something the sysadmin has to add manually. The real advantage of having the toor user as "interactive root account" is that in the worst case, the unavailablility of the desired dialog shell leads to a "login - logout", not to a system panic during single-user mode startup. In the past, aside from dealing with the static vs. dynamic linking (and non-availability of said dynamic libraries), non-OS shells could have resided on a partition other than the root partition, but during single-user startup, only / is mounted (and r/o), so whatever shell has been selected _must_ be available on /, and run from there, simply because /usr (and therefore /usr/local/bin and /usr/local/lib) could be a different partition (!) that hasn't been mounted. With today's "put everything on /" this is not a problem anymore, though. :-) > This way, our community has the benefit of the active development of > BASH by the GPL guys and also supporting the folks like me who are > surprised by TCSH behavior. Luckily, there's choice (!) on FreeBSD so you can use whatever shell suits your needs and preferences. Personally, while I prefer the C shell's interactive behaviour over bash's, I use bash for developing "one-liners" that tend to evolve into bigger shell scripts, and being able to "use this for this, use that for that" is definitely an advantage over "use this, nothing else exists". :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...