From nobody Tue Oct 12 12:42:48 2021 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 9A2E717EAC14 for ; Tue, 12 Oct 2021 12:42:59 +0000 (UTC) (envelope-from mad@madpilot.net) Received: from mail.madpilot.net (vogon.madpilot.net [159.69.1.99]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4HTFgk3PcPz3rKF for ; Tue, 12 Oct 2021 12:42:58 +0000 (UTC) (envelope-from mad@madpilot.net) Received: from mail (mail [192.168.254.3]) by mail.madpilot.net (Postfix) with ESMTP id 4HTFgb44jFz6pMy for ; Tue, 12 Oct 2021 14:42:51 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=madpilot.net; h= content-transfer-encoding:content-type:content-type:in-reply-to :from:from:references:content-language:subject:subject:date:date :message-id:received; s=bjowvop61wgh; t=1634042569; x= 1635856970; bh=gHRbcShfY42MPA/HKTzlwUXqrhb/zS9i0ePtJ/rfTxE=; b=b rTYqxSuCdvuQ38uHXKrS/I0Y9uwzRyLylOnwObc2Ym2jW7IjMnVDNJ1z230/aLXj 2utPUqmjdUEJJUR5QQpib6AW74H0w6j/rZR2Qs7uFXZ9YuJYEFlk+rqJ05AzGWD0 mV9qz8Eq0OI+HQiBfKKo+HAl4FUMsWDyCQkgbKwhxbEW2lTTO92LHMbCinnJl0PD +gm6FT7ev8VkugONDftE8RytMwtU0yG5hbmpmJuNpKH2mLR14ri5r5eARaIKaj8L eD/hlavMSbBXOxpv8kr1TlkwbWse5o1MRfJ71mjRwe8IDuBpy2y/jffjy1zAtQNv wo+//OMItCaFGLnNf14iw== Received: from mail.madpilot.net ([192.168.254.3]) by mail (mail.madpilot.net [192.168.254.3]) (amavisd-new, port 10026) with ESMTP id ZrRxveZE8QIX for ; Tue, 12 Oct 2021 14:42:49 +0200 (CEST) Message-ID: Date: Tue, 12 Oct 2021 14:42:48 +0200 Subject: Re: [HEADSUP] making /bin/sh the default shell for root Content-Language: en-US To: freebsd-current@freebsd.org References: <6B2E21D5-0DF1-4BCC-A27C-DFFBB201FB52@gmail.com> <20211012142126.66036897@ernst.home> In-Reply-To: <20211012142126.66036897@ernst.home> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4HTFgk3PcPz3rKF X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=madpilot.net header.s=bjowvop61wgh header.b="b rTYqxS"; dmarc=pass (policy=quarantine) header.from=madpilot.net; spf=pass (mx1.freebsd.org: domain of mad@madpilot.net designates 159.69.1.99 as permitted sender) smtp.mailfrom=mad@madpilot.net X-Spamd-Result: default: False [-2.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[madpilot.net:s=bjowvop61wgh]; FROM_HAS_DN(0.00)[]; MISSING_MIME_VERSION(2.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-0.997]; RCVD_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+mx]; DKIM_TRACE(0.00)[madpilot.net:+]; DMARC_POLICY_ALLOW(-0.50)[madpilot.net,quarantine]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:24940, ipnet:159.69.0.0/16, country:DE]; MID_RHS_MATCH_FROM(0.00)[] Reply-To: mad@madpilot.net From: Guido Falsi via freebsd-current X-Original-From: Guido Falsi X-ThisMailContainsUnwantedMimeParts: N List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@freebsd.org On 12/10/21 14:21, Gary Jennejohn wrote: > On Tue, 12 Oct 2021 06:59:00 -0400 > grarpamp wrote: > >>> No. The system shell is supposed to make the system usable >>> by the users. Actually, the real problem is that the easiest way >>> to shoot one's own foot is by changing the language (say, the >>> shell) spoken by default by FreeBSD. >> >> Well, the FreeBSD system speaks sh for its own use, this is clearly >> documented as the shell called by init(8), and later by rc(8), >> it should probably be the root:0 entry at least for consistancy. >> No other shell is called by the FreeBSD system there. >> Whatever the users want for their own shells is really up >> to them to decide after that. >> >> "Default" is bit of low context word, as there is no falling >> back to some shell occuring, no filling in for some missing >> option, etc. Maybe use word "shipped" or "root" instead. >> >> Everyone said they already do, and will continue to, >> exec whatever shell they like, whether after login, >> or by changing the entry. So in addition to the user >> being ultimately responsible for their own box and usage, >> this well announced entry for UPDATING cannot therein >> really be responsible for any user self-shooting. >> >>> This is non-sense. >> >> Well, FreeBSD does not add every shell in base, >> does not add every app to base, etc. >> Some reasons for those limits should be obvious. >> This update gives further distilling clarity by >> limiting the number of shipped uid 0 entries to 1, >> with that 1 being sh. >> >>> Every unix user should know that it's >>> possible to changing the used shell by using >>> chsh and this includes root. >> >> Then for every user, this update is not a problem. >> > > I've been using UNIX both privately and professionally since 1984 > and I must admit that I never heard of chsh before seeing this > e-mail. I simply use vipw; it's the logical way to do this sort > of thing IMHO. But I suppose that this is the way to go for users > who don't have root access (which I always have). AFAIK only root can use vipw, while chsh is usable by all system users. Guess you've been root since 1984 :) -- Guido Falsi