Re: Root shell
On Sunday 01 March 2009 07:47:44 Glen Barber wrote:
> On Sun, Mar 1, 2009 at 11:43 AM, Daniel Lannstrom o...@trekdanne.se wrote:
> > On Sun, Mar 01, 2009 at 11:11:56AM -0500, Glen Barber wrote:
> > > This explains one of the reasons not to change root's shell:
> > > http://www.freebsd.org/doc/en/books/faq/security.html#TOOR-ACCOUNT
> >
> > Yes that's exactly what I meant. Is there any other reason except for that? As I see it that problem can easily be solved by copying bash to the root file system. Also many systems today have the root and /usr on the same file system.
>
> You'd have to also copy more than just the binary file.

True, that's why ports respect PREFIX.

> It's more complex than that, and generally is a Bad Idea(tm).

FUD. Just use:

    make -C /usr/ports/shells/bash -DWITH_STATIC_BASH PREFIX=/

(or PREFIX=/opt or PREFIX=/static or whatever, just as long as it resides on the root partition).

If something isn't working that should work (f.e. rc.d scripts), it's easy to chsh -s /bin/csh, relog and see if it works then. I've seen one case where a startup script didn't work because root shell was zsh. Judging from that case, zsh thought it was running interactively or PROMPTS set in .zlogin rather than .zshrc and various tty related commands screwed things up. Also, zsh is more aggressive on correcting command line arguments.

All this amounts to know your shell which is an argument *for* changing root's shell to something you're familiar with, rather than leaving it at csh out of unfounded paranoia.

--
Mel

Problem with today's modular software: they start with the modules and never get to the software part.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Root shell
RW-15 wrote:
> On Sun, 1 Mar 2009 16:16:50 + Frank Shute fr...@shute.org.uk wrote:
> > pdksh is statically linked and I don't know if bash is.
>
> It's a build option.

Seems root should have a static shell always... otherwise, all bets are off as some of the shared libs may be inaccessible or damaged. So long as bash is statically linked and properly located, there should not be an issue. But most folks (linux users) aren't aware of the implications of dynamic linking and such. So it's probably best to 'just say no' to the OP's question. Leave root's shell alone unless you know what you're doing and bash is built appropriately.

--
View this message in context: http://www.nabble.com/Root-shell-tp22274005p22293187.html
Sent from the freebsd-questions mailing list archive at Nabble.com.
Re: Root shell
On Mon, Mar 02, 2009 at 09:55:39AM -0800, new_guy wrote:
> RW-15 wrote:
> > On Sun, 1 Mar 2009 16:16:50 + Frank Shute fr...@shute.org.uk wrote:
> > > pdksh is statically linked and I don't know if bash is.
> >
> > It's a build option.
>
> Seems root should have a static shell always... otherwise, all bets are off as some of the shared libs may be inaccessible or damaged. So long as bash is statically linked and properly located, there should not be an issue. But most folks (linux users) aren't aware of the implications of dynamic linking and such. So it's probably best to 'just say no' to the OP's question. Leave root's shell alone unless you know what you're doing and bash is built appropriately.

Well put.

jerry
Re: Root shell
On Sun, Mar 1, 2009 at 9:50 AM, Sniper kkil...@gmail.com wrote:
> Hi!
>
> I heard that changing root shell to bash is not good idea, also programming in any C shell not applicable. So which shell is the most appropriate for root user ?

/bin/csh

--
Glen Barber
Re: Root shell
Why is this not a good idea? The only reason I can think of is that you want your root shell on the root hard drive. As many systems use a separate partition for /usr and that bash installs to /usr/local/bin per default I can see how that can cause troubles. But are there any other reasons? Instability in bash? Unexpected behavior causing more harm in a root shell?

On Sun, Mar 01, 2009 at 03:50:29PM +0100, Sniper wrote:
> I heard that changing root shell to bash is not good idea
Re: Root shell
On Sun, Mar 1, 2009 at 10:55 AM, Daniel Lannstrom o...@trekdanne.se wrote:
> Why is this not a good idea? The only reason I can think of is that you want your root shell on the root hard drive. As many systems use a separate partition for /usr and that bash installs to /usr/local/bin per default I can see how that can cause troubles. But are there any other reasons? Instability in bash? Unexpected behavior causing more harm in a root shell?

This explains one of the reasons not to change root's shell:
http://www.freebsd.org/doc/en/books/faq/security.html#TOOR-ACCOUNT

--
Glen Barber
Re: Root shell
On Sun, Mar 01, 2009 at 03:50:29PM +0100, Sniper wrote:
> Hi!
>
> I heard that changing root shell to bash is not good idea, also programming in any C shell not applicable. So which shell is the most appropriate for root user ?

I changed my root shell to pdksh with no ill-effects. I just copied it from /usr/local/bin to /bin and added it to /etc/shells. Then vipw.

pdksh is statically linked and I don't know if bash is. If it's not you won't be able to use it in single user mode but you can always use /bin/sh instead.

Another option is to use the toor account rather than messing around with root.

I think programming with csh is deprecated nowadays - a shell guru could tell you if that's true.

Regards,

--
Frank

Contact info: http://www.shute.org.uk/misc/contact.html
Re: Root shell
Frank Shute wrote:
> I think programming with csh is deprecated nowadays - a shell guru could tell you if that's true.

Sure csh is deprecated for programming, and has been for a long time[*]. But this is not about shell programming. It's about what interactive shell root should have. That's a very different thing, and [t]csh is just fine for interactive use.

Cheers,

Matthew

[*] Anyone with any sense will write POSIX compliant scripts using /bin/sh for maximum portability.

--
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
Re: Root shell
On Sun, Mar 01, 2009 at 11:11:56AM -0500, Glen Barber wrote:
> This explains one of the reasons not to change root's shell:
> http://www.freebsd.org/doc/en/books/faq/security.html#TOOR-ACCOUNT

Yes that's exactly what I meant. Is there any other reason except for that? As I see it that problem can easily be solved by copying bash to the root file system. Also many systems today have the root and /usr on the same file system.
Re: Root shell
On Sun, Mar 1, 2009 at 11:43 AM, Daniel Lannstrom o...@trekdanne.se wrote:
> On Sun, Mar 01, 2009 at 11:11:56AM -0500, Glen Barber wrote:
> > This explains one of the reasons not to change root's shell:
> > http://www.freebsd.org/doc/en/books/faq/security.html#TOOR-ACCOUNT
>
> Yes that's exactly what I meant. Is there any other reason except for that? As I see it that problem can easily be solved by copying bash to the root file system. Also many systems today have the root and /usr on the same file system.

You'd have to also copy more than just the binary file. It's more complex than that, and generally is a Bad Idea(tm).

--
Glen Barber
Re: Root shell
> I heard that changing root shell to bash is not good idea

from whom?

use what you like the most.

> , also programming in any C shell not applicable. So which shell is the most appropriate for root user ?

anything you like.
Re: Root shell
> Why is this not a good idea? The only reason I can think of is that you want your root shell on the root hard drive. As many systems use a separate partition for /usr and that bash installs to /usr/local/bin per

yes it may be a reason, but there is always /rescue directory.

and - at least me - prefer to have as little partition as possible to not make things complicated. most cases swap+/
Re: Root shell
On Sun, 1 Mar 2009 16:16:50 + Frank Shute fr...@shute.org.uk wrote:
> pdksh is statically linked and I don't know if bash is.

It's a build option.
Re: Root shell
On Sun, Mar 01, 2009 at 04:16:50PM +, Frank Shute wrote:
> On Sun, Mar 01, 2009 at 03:50:29PM +0100, Sniper wrote:
> > Hi!
> >
> > I heard that changing root shell to bash is not good idea, also programming in any C shell not applicable. So which shell is the most appropriate for root user ?
>
> I changed my root shell to pdksh with no ill-effects. I just copied it from /usr/local/bin to /bin and added it to /etc/shells. Then vipw.
>
> pdksh is statically linked and I don't know if bash is. If it's not you won't be able to use it in single user mode but you can always use /bin/sh instead.

I, too, like pdksh for my root accounts. If I have a system where /usr/local does not share the / device, I will copy it over. There's the WITH_STATIC_BASH knob to make bash a static binary, as well.

As noted by someone in the archives, ksh-alikes have issues allocating a tty when used in a jail accessed via jexec, so beware of that.

As system shell scripts have their correctly defined #! shell (/bin/sh), it really doesn't matter what you use for an interactive shell so long as you trust the source distribution of that shell (which should be an obvious conclusion, since the FreeBSD team is only responsible for those shells that come packaged with the base OS).

Purists will note that root's choice of shell is of no consequence since nobody should be using the root account for any serious long-term interactive use in the first place. Except for environments where there's an assumed lack of trust in the admins (use sudo), delegation of root-like powers to lesser admins (use sudo), or strict audit/logging requirements (use sudosh or more serious auditing mechanisms), I personally feel that hobbling an admin with a non-root account is of dubious value.

In any case, there's no functional reason to not use the shell of your choice. However, individuals or organizations will strongly differ in their admin philosophy.

--
Geoff
Re: Root shell
On Sun, Mar 01, 2009 at 03:50:29PM +0100, Sniper wrote:
> Hi!
>
> I heard that changing root shell to bash is not good idea, also programming in any C shell not applicable. So which shell is the most appropriate for root user ?

You can get your tail in a crack if you boot to single user or another file system like /usr is not available. /bin/csh (which on FreeBSD is the same as tcsh) is always available and a few things are written so they expect it.

So, leave root alone. If you must lower yourself to bash, make another account and set its shell to bash. You can even make an alternate root and make it bash if you really must work in root. Use vipw and copy the toor line in the passwd file and change the name to something you like and the shell to bash and the home directory to /root/whatever.

Then set the password for this account. As root do:

    passwd whatever

follow prompts. You must put the id name on the passwd command or it will change root instead.

I am not necessarily recommending all this, but it is better than changing the actual root account's shell.

jerry

> Regards,
> Jurif
Re: Root shell
On Sun, 1 Mar 2009 13:51:32 -0500 Jerry McAllister jerr...@msu.edu wrote:
> I am not necessarily recommending all this, but it is better than changing the actual root account's shell.

besides, you don't really need to, do you?
i just log in with su -m and get to use my own account's aliases etc, but as root.

--
In friendship,
prad

... with you on your journey
Towards Freedom
http://www.towardsfreedom.com (website)
Information, Inspiration, Imagination - truly a site for soaring I's
Re: Root shell
On Sun, 1 Mar 2009 17:43:55 +0100, Daniel Lannstrom o...@trekdanne.se wrote:
> On Sun, Mar 01, 2009 at 11:11:56AM -0500, Glen Barber wrote:
> > This explains one of the reasons not to change root's shell:
> > http://www.freebsd.org/doc/en/books/faq/security.html#TOOR-ACCOUNT
>
> Yes that's exactly what I meant. Is there any other reason except for that? As I see it that problem can easily be solved by copying bash to the root file system. Also many systems today have the root and /usr on the same file system.

I wouldn't rely on the many systems today assumption.

As an addition, I'd like to mention that there are two root shells: First is the system's standard scripting shell /bin/sh which is usually invoked first when entering maintenance mode (single user mode). As well as FreeBSD's standard dialog shell /bin/csh it resides on the / partition.

Maybe it can be seen as an unwritten law, or at least as a kind of well intended suggestion to use /bin/csh for root's dialog shell as well as /bin/sh for scripting. It may be considered old fashioned, but it has served well to follow this suggestion over the years.

Just as a very individual example, I haven't found any need to install BASH on any system I've done so far. But it's completely okay to have BASH as a user's dialog shell when the system is up and running well.

Furthermore, I don't think copying the bash* binary is sufficient to have BASH in SUM in a problem situation (which is: / is mounted ro, nothing else mounted). Reason:

    % which bash | xargs ldd
    /usr/local/bin/bash:
            libncurses.so.7 => /lib/libncurses.so.7 (0x280ff000)
            libintl.so.8 => /usr/local/lib/libintl.so.8 (0x2813d000)
            libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28146000)
            libc.so.7 => /lib/libc.so.7 (0x2823b000)

There are library dependencies on /usr partition.

--
Polytropon
From Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
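The manual check in the message above (run ldd on the shell, then look for library paths under /usr) can be scripted. The following is an added example, not part of any poster's message; the function names are hypothetical, and the sample ldd text and the list of separately mounted directories are constructed assumptions.

```sh
#!/bin/sh
# Added example: would a candidate root shell still work with only / mounted
# (single-user mode)? Helper names are hypothetical.

# Constructed sample, modelled on the ldd output quoted in the thread.
SAMPLE_LDD='/usr/local/bin/bash:
        libncurses.so.7 => /lib/libncurses.so.7 (0x280ff000)
        libintl.so.8 => /usr/local/lib/libintl.so.8 (0x2813d000)
        libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28146000)
        libc.so.7 => /lib/libc.so.7 (0x2823b000)'

# Assumption: these directories are separate file systems on the host.
SAMPLE_MOUNTS='/usr /var'

# on_root_fs PATH MOUNTS: succeed if PATH is not below any listed mount point.
on_root_fs() {
    for m in $2; do
        case $1 in
            "$m"|"$m"/*) return 1 ;;
        esac
    done
    return 0
}

# libs_off_root LDD_TEXT MOUNTS: print every resolved library path that
# lives on a file system other than /.
libs_off_root() {
    printf '%s\n' "$1" | while read -r _name arrow path _rest; do
        [ "$arrow" = "=>" ] || continue   # skip the "binary:" header line
        on_root_fs "$path" "$2" || printf '%s\n' "$path"
    done
}

# check_root_shell SHELL_PATH LDD_TEXT MOUNTS: print a one-line verdict and
# return non-zero when the shell would be unusable with only / mounted.
check_root_shell() {
    if ! on_root_fs "$1" "$3"; then
        echo "UNSAFE: $1 is not on the root file system"
        return 1
    fi
    missing=$(libs_off_root "$2" "$3")
    if [ -n "$missing" ]; then
        echo "UNSAFE: $1 needs libraries outside /:" $missing
        return 1
    fi
    echo "OK: $1 and its libraries are on the root file system"
}

# The "just copy the binary to /bin" case from the thread: the binary is on /,
# but two of its libraries are not.
check_root_shell /bin/bash "$SAMPLE_LDD" "$SAMPLE_MOUNTS" || :
```

On a live system the second argument would be the output of `ldd` on the shell binary, and the third the mount points other than / on that host.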
Re: Root shell
On Sun, 1 Mar 2009 11:21:54 -0800, prad p...@towardsfreedom.com wrote:
> besides, you don't really need to, do you?
> i just log in with su -m and get to use my own account's aliases etc, but as root.

Furthermore, since the introduction of the sudo command (which is installable by ports / package) prefixing commands with sudo seems to be okay for most tasks. And as you said, Prad, using FreeBSD's su command (su -m) will usually do just fine.

Another wisdom about this topic: If you see that you're spending so much time as 'root' that you feel you need to change the root shell to BASH, you're obviously doing something wrong. :-)

--
Polytropon
From Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
Re: Root shell [was: How to create another account with root privileges?]
# [EMAIL PROTECTED] / 2002-10-10 16:06:26 +0300:
> > Also, never change the shell for root. It needs to be as it is for some things to work right.
>
> I have been using bash for root shell some time now without noticing any problems. My bash is statically linked and I have moved it to /bin. What kind of problems should I expect?

in this case probably none. the warning (sh|c)ould be generalized to never change root's shell to one that is not completely contained in the root fs.

--
begin 666 nonexistent.vbs
FreeBSD 4.7-RC
3:24PM up 22 days, 22:39, 18 users, load averages: 0.07, 0.12, 0.08
end

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message
Re: Root shell [was: How to create another account with root privileges?]
> > I have been using bash for root shell some time now without noticing any problems. My bash is statically linked and I have moved it to /bin. What kind of problems should I expect?
>
> in this case probably none. the warning (sh|c)ould be generalized to never change root's shell to one that is not completely contained in the root fs.

Thanks for the assurance! I was worried there would be some script that runs root's login shell for some weird reason. Bash apparently isn't a drop in replacement for sh, as I was led to believe.

--
Cheers, Petri
Metis / Petri Riihikallio
GSM: +358 400 505 939