From: Mel
To: freebsd-questions@freebsd.org
Cc: Daniel Lannstrom, Glen Barber
Date: Tue, 3 Mar 2009 08:05:31 -0900
Subject: Re: Root shell

On Sunday 01 March 2009 07:47:44 Glen Barber wrote:
> On Sun, Mar 1, 2009 at 11:43 AM, Daniel Lannstrom wrote:
> > On Sun, Mar 01, 2009 at 11:11:56AM -0500, Glen Barber wrote:
> >> This explains one of the reasons not to change root's shell:
> >>
> >> http://www.freebsd.org/doc/en/books/faq/security.html#TOOR-ACCOUNT
> >
> > Yes that's exactly what I meant. Is there any other reason except for
> > that? As I see it that problem can easily be solved by copying bash to
> > the root file system. Also many systems today have the root and /usr
> > on the same file system.
>
> You'd have to also copy more than just the binary file.

True, that's why ports respect PREFIX.

> It's more
> complex than that, and generally is a Bad Idea(tm).

FUD. Just use:
make -C /usr/ports/shells/bash -DWITH_STATIC_BASH PREFIX=/
(or PREFIX=/opt or PREFIX=/static or whatever, just as long as it resides on
the root partition).

If something isn't working that should work (f.e. rc.d scripts), it's easy to
chsh -s /bin/csh, relog and see if it works then.

I've seen one case where a startup script didn't work because root shell was
zsh. Judging from that case, zsh thought it was running interactively or
PROMPTS set in .zlogin rather than .zshrc and various tty related commands
screwed things up. Also, zsh is more aggressive on correcting command line
arguments.

All this amounts to "know your shell" which is an argument *for* changing
root's shell to something you're familiar with, rather than leaving it at csh
out of unfounded paranoia.
--
Mel

Problem with today's modular software: they start with the modules and never
get to the software part.
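
Added example, not part of Mel's message: a POSIX sh check of the condition discussed in the thread, that the login shell of every uid-0 account (root, toor) resides on the root partition. It assumes the passwd(5) field layout and df -P output; the function names and the sample passwd entries are constructed for illustration, and it does not check whether the shell is statically linked.

```shell
#!/bin/sh
# Added example: audit the login shells of uid-0 accounts (root, toor).
# Assumption: passwd(5) layout name:pw:uid:gid:gecos:home:shell.

# Print "name shell" for every uid-0 account in the given passwd file.
# The string comparison and the comment filter keep "# ..." lines out.
uid0_shells() {
    awk -F: '$1 !~ /^#/ && $3 == "0" { print $1, $7 }' "$1"
}

# Print the mount point of the filesystem that holds the given path.
mount_of() {
    df -P "$1" 2>/dev/null | awk 'NR == 2 { print $NF }'
}

# Succeed when the path is an executable on the same filesystem as /,
# i.e. still reachable in single-user mode before /usr is mounted.
on_root_fs() {
    [ -x "$1" ] && [ "$(mount_of "$1")" = "$(mount_of /)" ]
}

# Report one line per uid-0 account: OK or WARN.
audit_root_shells() {
    uid0_shells "$1" | while read -r name shell; do
        if on_root_fs "$shell"; then
            echo "OK   $name $shell"
        else
            echo "WARN $name $shell missing or not on root filesystem"
        fi
    done
}

# Constructed sample input, not taken from a real host.
sample_passwd() {
    cat <<'EOF'
# constructed passwd excerpt
root:*:0:0:Charlie &:/root:/usr/local/bin/bash
toor:*:0:0:Bourne-again Superuser:/root:/bin/sh
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
EOF
}

# Stand-alone use: sh script.sh /etc/passwd
if [ $# -gt 0 ]; then audit_root_shells "$1"; fi
```

A WARN line for root means single-user mode would have no usable root shell unless /usr is mounted first.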