Date: Tue, 12 Oct 2021 15:37:36 +0200
From: Gary Jennejohn
To: freebsd-current@freebsd.org
Subject: Re: [HEADSUP] making /bin/sh the default shell for root
Message-ID: <20211012153736.1321828c@ernst.home>
References: <6B2E21D5-0DF1-4BCC-A27C-DFFBB201FB52@gmail.com> <20211012142126.66036897@ernst.home>
Reply-To: gljennjohn@gmail.com
List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current

On Tue, 12 Oct 2021 14:42:48 +0200
Guido Falsi via freebsd-current wrote:

> On 12/10/21 14:21, Gary Jennejohn wrote:
> > On Tue, 12 Oct 2021 06:59:00 -0400
> > grarpamp wrote:
> >
> >>> No. The system shell is supposed to make the system usable
> >>> by the users. Actually, the real problem is that the easiest way
> >>> to shoot one's own foot is by changing the language (say, the
> >>> shell) spoken by default by FreeBSD.
> >>
> >> Well, the FreeBSD system speaks sh for its own use, this is clearly
> >> documented as the shell called by init(8), and later by rc(8),
> >> it should probably be the root:0 entry at least for consistency.
> >> No other shell is called by the FreeBSD system there.
> >> Whatever the users want for their own shells is really up
> >> to them to decide after that.
> >>
> >> "Default" is a bit of a low context word, as there is no falling
> >> back to some shell occurring, no filling in for some missing
> >> option, etc. Maybe use the word "shipped" or "root" instead.
> >>
> >> Everyone said they already do, and will continue to,
> >> exec whatever shell they like, whether after login,
> >> or by changing the entry. So in addition to the user
> >> being ultimately responsible for their own box and usage,
> >> this well announced entry for UPDATING cannot therein
> >> really be responsible for any user self-shooting.
> >>
> >>> This is nonsense.
> >>
> >> Well, FreeBSD does not add every shell in base,
> >> does not add every app to base, etc.
> >> Some reasons for those limits should be obvious.
> >> This update gives further distilling clarity by
> >> limiting the number of shipped uid 0 entries to 1,
> >> with that 1 being sh.
> >>
> >>> Every unix user should know that it's
> >>> possible to change the used shell by using
> >>> chsh and this includes root.
> >>
> >> Then for every user, this update is not a problem.
> >>
> >
> > I've been using UNIX both privately and professionally since 1984
> > and I must admit that I never heard of chsh before seeing this
> > e-mail. I simply use vipw; it's the logical way to do this sort
> > of thing IMHO. But I suppose that this is the way to go for users
> > who don't have root access (which I always have).
> >
> AFAIK only root can use vipw, while chsh is usable by all system users.
>

Which is pretty much what I wrote above.

> Guess you've been root since 1984 :)
>

On the systems I've had control of, always.

I started out with 4.2BSD running on a VAX, which didn't have chpass,
so csh was the default. The VAX was used to cross-compile AT&T
III/IV/V to run on Motorola CPUs. I always had full control of the
target machines, although the Bourne shell was pretty much the only
shell available then.

After relocating for that employer from Berkeley to Germany I helped
administer the VAX, so I had to have root access. Unfortunately, the
German spinoff went tits up in 1989 and I decided to stay in Germany.

And, no matter where I was employed after that, I was always able to
get root access, which I never abused.

But since 2000 I've administered my own FreeBSD machines at home as a
freelancer (but I'm now retired), so root access is always required.

--
Gary Jennejohn