From: "Micheal Patterson"
To: "Joshua Lokken", "David Landgren"
Cc: freebsd-questions@freebsd.org
Subject: Re: bash - superuser
Date: Mon, 20 Dec 2004 11:53:35 -0600
Message-ID: <03fe01c4e6bc$d5f37980$4df24243@tsgincorporated.com>
References: <41C6AC75.6020608@uol.com.br> <41C6B7A1.1090708@landgren.net>

----- Original Message -----
From: "Joshua Lokken"
To: "David Landgren"
Cc:
Sent: Monday, December 20, 2004 11:04 AM
Subject: Re: bash - superuser

> On Mon, 20 Dec 2004 12:29:37 +0100, David Landgren wrote:
> > Giuliano Cardozo Medalha wrote:
> > > Hi,
> > >
> > > I have a machine with FreeBSD 5.3 - release -p2.
> > >
> > > I have installed bash from ports.
> > >
> > > How is it possible to use bash in the root account?
> > >
> > > Thanks a lot
> >
> > Don't.
> >
> > Leave /bin/sh as your shell.
>
> 'Leave' /bin/sh as your shell makes it sound like /bin/sh is the
> default root shell. Did this change in FreeBSD 5.x? It appears
> that in 4.x, the root shell is /bin/csh by default, which [I believe]
> is linked to /bin/tcsh.
>
>
> --
> Joshua Lokken
> Open Source Advocate

csh is still the default root shell. At one time, systems required multiple drives due to space. So, these systems would have a partitioning scheme such as:

hda0 - /
hda1 - /var
hda2 - /swap
hda3 - /usr

... and so on depending on their drive capacity at the time. Please keep in mind that this OS (and its ancestors) were running on systems that had multiple drives with 20mb or less in their day. The tree has constantly grown from those days. As such, many admins use this scheme today because they have used this scheme for 10's of years and don't wish to change their ways. Personal and/or financial reasoning aside as to why they don't wish to change is totally their decision.

Even so, there are some good points to this methodology. It provides the ability to not lose the entire system in the event of drive failure. In this method, having the root shell on another partition invites failure for the entire system should root's shell reside on a crashed / failed partition. No root, no repair capability.

On the other hand, many admins use a system with a single drive in them and use NIS/NFS as their userland drive space. Some may even have /usr/ itself fed from NFS.

In either method, if you want to use anything other than csh, you will need to move it to /bin. You want it to be incorruptible in the event of breach. So, if you still wish to use bash as the root shell, copy the executable into /bin, add it to /etc/shells, and set it immutable ("chflags schg /bin/bash") so that in the event of breach, the shell is still unable to be modified and will be reachable in the event of NFS or partition failure.

With the state of drives, RAID arrays, etc. in today's world, either way will work just as well as the other. Each person has their own preferences for their own reasons.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
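
The three steps in the message above (shell binary in /bin, an /etc/shells entry, the schg flag) can be audited with a short script; this is an added example, not part of the original post. Helper names and sample data are constructed, and the library check goes beyond the message: a dynamically linked shell is only usable when its libraries are also on the root filesystem.

```shell
#!/bin/sh
# Added example: audit checks for the root-shell setup described above.
# Helper names and all sample data are constructed for illustration.

# Login shell of each UID-0 account in a passwd(5)-format file, as "name:shell".
uid0_shells() {
    awk -F: '$3 == 0 && $7 != "" { print $1 ":" $7 }' "$1"
}

# True if shell path $2 is listed (uncommented, whole line) in shells file $1.
shell_listed() {
    grep -v '^[[:space:]]*#' "$1" | grep -qxF -- "$2"
}

# True if the path is under /bin or /sbin (assumed here to live on /).
on_rootfs() {
    case "$1" in /bin/*|/sbin/*) return 0 ;; *) return 1 ;; esac
}

# True if one line of FreeBSD `ls -lo` output carries the schg flag (field 5).
has_schg() {
    flags=$(printf '%s\n' "$1" | awk '{ print $5 }')
    case ",$flags," in *,schg,*) return 0 ;; *) return 1 ;; esac
}

# Read `ldd` output on stdin; print libraries resolved outside /lib and /libexec.
libs_off_rootfs() {
    awk '$2 == "=>" && $3 !~ /^\/(lib|libexec)\// { print $3 }'
}

# Report every finding for one shell; prints nothing when all checks pass.
# $1 = shell path, $2 = shells file, $3 = `ls -lo` line, $4 = file of ldd output
audit_shell() {
    on_rootfs "$1"         || echo "$1: not on the root filesystem"
    shell_listed "$2" "$1" || echo "$1: missing from $2"
    has_schg "$3"          || echo "$1: schg flag not set"
    libs_off_rootfs < "$4" | sed "s|^|$1: needs library off /: |"
}

# Constructed demo: bash left in /usr/local/bin, unlisted, no schg, one lib on /usr.
tmp=$(mktemp -d)
printf '/bin/sh\n/bin/csh\n' > "$tmp/shells"
printf '\tlibintl.so.8 => /usr/local/lib/libintl.so.8 (0x1)\n' > "$tmp/ldd"
audit_shell /usr/local/bin/bash "$tmp/shells" \
    '-r-xr-xr-x  1 root  wheel  - 918432 Dec 20  2004 /usr/local/bin/bash' "$tmp/ldd"
rm -rf "$tmp"
```

On a live FreeBSD host the third and fourth arguments would come from `ls -lo /bin/bash` and `ldd /bin/bash`.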