From: Polytropon
To: Daniel Lannstrom
Cc: freebsd-questions@freebsd.org
Date: Mon, 2 Mar 2009 02:55:09 +0100
Subject: Re: Root shell
Message-Id: <20090302025509.100163c4.freebsd@edvax.de>
In-Reply-To: <20090301164355.GA29675@haruhi>
Organization: EDVAX

On Sun, 1 Mar 2009 17:43:55 +0100, Daniel Lannstrom wrote:
> On Sun, Mar 01, 2009 at 11:11:56AM -0500, Glen Barber wrote:
> > This explains one of the reasons not to change root's shell:
> >
> > http://www.freebsd.org/doc/en/books/faq/security.html#TOOR-ACCOUNT
>
> Yes that's exactly what I meant. Is there any other reason except for
> that? As I see it that problem can easily be solved by copying bash to
> the root file system. Also many systems today have the root and /usr
> on the same file system.

I wouldn't rely on the "many systems today" assumption.

As an addition, I'd like to mention that there are "two root shells":
First is the system's standard scripting shell /bin/sh which is usually
invoked first when entering maintenance mode (single user mode). As
well as FreeBSD's standard dialog shell /bin/csh it resides on the /
partition.

Maybe it can be seen as an "unwritten law", or at least as a kind of
well intended suggestion to use /bin/csh for root's dialog shell as
well as /bin/sh for scripting. It may be considered "old fashion", but
it has served well to follow this suggestion over the years.

Just as a very individual example, I haven't found any need to install
BASH on any system I've done so far. But it's completely okay to have
BASH as a user's dialog shell when the system is up and running well.

Furthermore, I don't think copying the bash* binary is sufficient to
have BASH in SUM in a problem situation (which is: / is mounted ro,
nothing else mounted). Reason:

	% which bash | xargs ldd
	/usr/local/bin/bash:
		libncurses.so.7 => /lib/libncurses.so.7 (0x280ff000)
		libintl.so.8 => /usr/local/lib/libintl.so.8 (0x2813d000)
		libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28146000)
		libc.so.7 => /lib/libc.so.7 (0x2823b000)

There are library dependencies on /usr partition.

-- 
Polytropon
From Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
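
The dependency check described in the message above, as an added example that is not part of the original e-mail: it reads ldd output and reports the libraries that would be missing with only / mounted. The function names are hypothetical, and it assumes /usr (including /usr/local) is a separate file system that is not mounted in single user mode.

```shell
#!/bin/sh
# Added example: decide whether a shell could start with only / mounted.
# Assumption: everything under /usr/ lives on a separate file system.

# Read `ldd` output on stdin and print, one per line, every resolved
# library path that starts with the given prefix (default: /usr/).
deps_outside_root() {
    prefix="${1:-/usr/}"
    awk -v prefix="$prefix" '
        # Dependency lines look like: libfoo.so.N => /path/libfoo.so.N (0x...)
        $2 == "=>" && index($3, prefix) == 1 { print $3 }
    '
}

# Return 0 only if the binary itself and all of its libraries are
# reachable without /usr.
#   $1 = path of the shell binary, $2 = text of `ldd` run on it
usable_in_single_user() {
    bin="$1"
    ldd_output="$2"
    case "$bin" in
        /usr/*) return 1 ;;    # the binary itself is on /usr
    esac
    missing=$(printf '%s\n' "$ldd_output" | deps_outside_root)
    [ -z "$missing" ]
}

# The ldd output quoted in the message, embedded as sample input.
SAMPLE_LDD='/usr/local/bin/bash:
    libncurses.so.7 => /lib/libncurses.so.7 (0x280ff000)
    libintl.so.8 => /usr/local/lib/libintl.so.8 (0x2813d000)
    libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28146000)
    libc.so.7 => /lib/libc.so.7 (0x2823b000)'

# Copying the binary to /bin/bash does not move its libraries, so the
# copied shell still fails the check.
if usable_in_single_user /bin/bash "$SAMPLE_LDD"; then
    echo "/bin/bash: usable with only / mounted"
else
    echo "/bin/bash: needs libraries from /usr:"
    printf '%s\n' "$SAMPLE_LDD" | deps_outside_root
fi
```

On a live system the same check is `ldd "$(which bash)" | deps_outside_root`.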