Date: Sun, 1 Mar 2009 11:40:16 -0700
From: Geoff Fritz <gfritz@gmail.com>
To: Sniper <kkiller@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: Root shell
Message-ID: <20090301184016.GA61100@dev.null>
In-Reply-To: <20090301161650.GB15344@melon.esperance-linux.co.uk>
References: <d2f26f270903010650h243df36bx2ea07d434567633e@mail.gmail.com> <20090301161650.GB15344@melon.esperance-linux.co.uk>

On Sun, Mar 01, 2009 at 04:16:50PM +0000, Frank Shute wrote:
> On Sun, Mar 01, 2009 at 03:50:29PM +0100, Sniper wrote:
> >
> > Hi!
> >
> > I heard that changing root shell to bash is not good idea, also programming
> > in any C shell not applicable. So which shell is the most appropriate for
> > root user ?
> >
>
> I changed my root shell to pdksh with no ill-effects. I just copied it
> from /usr/local/bin to /bin and added it to /etc/shells. Then vipw.
>
> pdksh is statically linked and I don't know if bash is. If it's not
> you won't be able to use it in single user mode but you can always use
> /bin/sh instead.

I, too, like pdksh for my root accounts. If I have a system where
/usr/local does not share the / device, I will copy it over. There's the
WITH_STATIC_BASH knob to make bash a static binary, as well. As noted by
someone in the archives, ksh-alikes have issues allocating a tty when used
in a jail accessed via jexec, so beware of that.

As system shell scripts have their correctly defined #! shell (/bin/sh), it
really doesn't matter what you use for an interactive shell so long as you
trust the source distribution of that shell (which should be an obvious
conclusion, since the FreeBSD team is only responsible for those shells that
come packaged with the base OS).

Purists will note that root's choice of shell is of no consequence since
nobody should be using the root account for any serious long-term
interactive use in the first place.

Except for environments where there's an assumed lack of trust in the
admins (use sudo), delegation of root-like powers to lesser admins (use
sudo), or strict audit/logging requirements (use sudosh or more serious
auditing mechanisms), I personally feel that hobbling an admin with a
non-root account is of dubious value.

In any case, there's no functional reason to not use the shell of your
choice. However, individuals or organizations will strongly differ in
their admin philosophy.

--
Geoff
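
A check for two points from the thread that can be verified from files alone: root's shell is listed in the shells file, and it does not live under /usr/local. This is an added example, not part of the original message; the function names, verdict words and sample data are constructed, and static linking is not checked.

```shell
#!/bin/sh
# Added example: audit root's login shell from a passwd-format file.
# Paths are parameters so the check can run against copies of the real files.

# Print root's shell. The shell is the last field in both the 7-field
# passwd format and the 10-field master.passwd format.
root_shell() {
    awk -F: '$1 == "root" { print $NF; exit }' "$1"
}

# Return 0 if shell path $1 appears in shells file $2.
# Comment lines and blank lines are skipped.
listed_in_shells() {
    awk -v s="$1" '
        NF == 0 || $1 ~ /^#/ { next }
        $1 == s { found = 1 }
        END { exit (found ? 0 : 1) }' "$2"
}

# Print one verdict word for passwd file $1 and shells file $2:
#   no-root-entry    no line for root in the passwd file
#   not-in-shells    root's shell is missing from the shells file
#   under-usr-local  shell is listed, but may be unreachable in single-user
#                    mode if /usr/local is not on the / device
#   ok               shell is listed and outside /usr/local
check_root_shell() {
    sh_path=$(root_shell "$1")
    if [ -z "$sh_path" ]; then echo "no-root-entry"; return; fi
    if ! listed_in_shells "$sh_path" "$2"; then echo "not-in-shells"; return; fi
    case "$sh_path" in
        /usr/local/*) echo "under-usr-local" ;;
        *)            echo "ok" ;;
    esac
}

# Constructed sample: root was pointed at a shell that was never added
# to the shells file.
demo_dir=$(mktemp -d)
printf 'root:*:0:0:Charlie &:/root:/usr/local/bin/pdksh\n' > "$demo_dir/passwd"
printf '# constructed shells list\n/bin/sh\n/bin/csh\n' > "$demo_dir/shells"
echo "verdict: $(check_root_shell "$demo_dir/passwd" "$demo_dir/shells")"
rm -rf "$demo_dir"
```

On a live system the arguments would be /etc/passwd (or /etc/master.passwd, as root) and /etc/shells.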