Re: bash - superuser
On Mon, Dec 20, 2004 at 04:54:51PM -0500, Jerry McAllister wrote: Then the thing to do is create another root account and make the default shell for that one be bash, leaving the root root be /bin/sh. So for those of us that want to go back to the way things should be, (leaving root shell be /bin/sh) I fire up vipw and change this: root:*:0:0:Charlie :/root:/usr/local/bin/bash to this: root:*:0:0:Charlie :/root:/bin/sh Right? Then I keep using sudo all the time. But if I need to do some big work as root, I can su to root and get bash simply by typing: /usr/local/bin/bash Right? Just want to be clear on this. Thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
On Friday 24 December 2004 09:53 am, Andy Firman wrote: On Mon, Dec 20, 2004 at 04:54:51PM -0500, Jerry McAllister wrote: Then the thing to do is create another root account and make the default shell for that one be bash, leaving the root root be /bin/sh. So for those of us that want to go back to the way things should be, (leaving root shell be /bin/sh) I fire up vipw and change this: root:*:0:0:Charlie :/root:/usr/local/bin/bash to this: root:*:0:0:Charlie :/root:/bin/sh Right? Then I keep using sudo all the time. But if I need to do some big work as root, I can su to root and get bash simply by typing: /usr/local/bin/bash Right? Just want to be clear on this. Thanks. I think that should do it. If you wanted root to use bash all the time, couldn't you compile/install a static version into /bin/? I've never done it; but I know that NetBSD has some statically linked shells in their ports (pkgsrc) that install to /bin/, so I would think it should be possible. Best of luck, Andrew Gould ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
On Friday 24 December 2004 16:06, Andrew L. Gould wrote: On Friday 24 December 2004 09:53 am, Andy Firman wrote: On Mon, Dec 20, 2004 at 04:54:51PM -0500, Jerry McAllister wrote: Then the thing to do is create another root account and make the default shell for that one be bash, leaving the root root be /bin/sh. So for those of us that want to go back to the way things should be, (leaving root shell be /bin/sh) I fire up vipw and change this: root:*:0:0:Charlie :/root:/usr/local/bin/bash to this: root:*:0:0:Charlie :/root:/bin/sh Right? Then I keep using sudo all the time. But if I need to do some big work as root, I can su to root and get bash simply by typing: /usr/local/bin/bash Right? Just want to be clear on this. Thanks. I think that should do it. If you wanted root to use bash all the time, couldn't you compile/install a static version into /bin/? I've never done it; but I know that NetBSD has some statically linked shells in their ports (pkgsrc) that install to /bin/, so I would think it should be possible. Best of luck, Andrew Gould I've always been curious as to why you can't(shouldn't?) just change the shell that root uses. -- Thanks, Josh Paetzel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
On Dec 24, Josh Paetzel launched this into the bitstream: On Friday 24 December 2004 16:06, Andrew L. Gould wrote: On Friday 24 December 2004 09:53 am, Andy Firman wrote: On Mon, Dec 20, 2004 at 04:54:51PM -0500, Jerry McAllister wrote: Then the thing to do is create another root account and make the default shell for that one be bash, leaving the root root be /bin/sh. So for those of us that want to go back to the way things should be, (leaving root shell be /bin/sh) I fire up vipw and change this: root:*:0:0:Charlie :/root:/usr/local/bin/bash to this: root:*:0:0:Charlie :/root:/bin/sh Right? Then I keep using sudo all the time. But if I need to do some big work as root, I can su to root and get bash simply by typing: /usr/local/bin/bash Right? Just want to be clear on this. Thanks. I think that should do it. If you wanted root to use bash all the time, couldn't you compile/install a static version into /bin/? I've never done it; but I know that NetBSD has some statically linked shells in their ports (pkgsrc) that install to /bin/, so I would think it should be possible. Best of luck, Andrew Gould I've always been curious as to why you can't(shouldn't?) just change the shell that root uses. Josh that's been the backbone of this particular thread over the last few days. I'd check the archives and follow the entire thread all the way through, in order to view the (rather eloquent) arguments for and against that have been posted. FWIW (and that's maybe not much) at installation time I use the default shell when su'd, but when I get a new box up and reasonably configured I switch root shell to bash. Notwithstanding all the reasons raised wherein it's thought that you shouldn't I've honestly never run into a problem with it - thus far anyway. If eventually I do, well there y'go I guess, I'll rethink the matter through if (or when) the bad things happen. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
On Friday 24 December 2004 10:52 am, Josh Paetzel wrote: -snip- I've always been curious as to why you can't(shouldn't?) just change the shell that root uses. I think it has to do with the fact that some shells executables are in /bin and others are in /usr/local/bin. Root users should use a shell in /bin so that if something goes wrong and the /usr partition doesn't get mounted during bootup, root can still use its default shell. Andrew Gould ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
On 2004-12-24 15:38, Colin J. Raven [EMAIL PROTECTED] wrote: On Dec 24, Josh Paetzel launched this into the bitstream: I've always been curious as to why you can't(shouldn't?) just change the shell that root uses. Josh that's been the backbone of this particular thread over the last few days. I'd check the archives and follow the entire thread all the way through, in order to view the (rather eloquent) arguments for and against that have been posted. FWIW (and that's maybe not much) at installation time I use the default shell when su'd, but when I get a new box up and reasonably configured I switch root shell to bash. Notwithstanding all the reasons raised wherein it's thought that you shouldn't I've honestly never run into a problem with it - thus far anyway. If eventually I do, well there y'go I guess, I'll rethink the matter through if (or when) the bad things happen. There is a case that even a statically linked bash may fail, leaving you with a system that can only boot in single user mode: - When the system ABI changes in a way that ports *are* broken, even if compiled statically. The system ABI (application binary interface) may change in an incompatible way only if you're running CURRENT and the internals of some library change drastically. This should *never* affect the binaries built as part of the recommended buildworld/buildkernel cycle, which means that /bin/csh and /bin/sh should still work. Applications compiled from the Ports _may_ break though. Even if statically linked. Having said that, I have been using `exec bash -l' as the first command after I su to root for a long time now, and it only broke once (when the stdin/stdout/stderr changes where made to libc). - Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
Greg 'groggy' Lehey wrote: This is a particularly tenacious rumour. I've been using bash as my root shell on many different UNIX platforms for nearly 14 years, and I've never had any problems. I've also never seen any substantiated problems reported anywhere. Besides, when your favourite shell is hosed, you most likely cannot log in anyways, since usually root login is disabled for sshd. And then it's about the only case when it's getting tough.. when it's a machine that's hosted somewhere in a rack at a hosing provider, probably one of the most common situations today in business environments. When one has physical access to the machine, it's a non-issue. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
--On Friday, December 24, 2004 6:53 AM -0900 Andy Firman [EMAIL PROTECTED] wrote: So for those of us that want to go back to the way things should be, (leaving root shell be /bin/sh) I fire up vipw and change this: root:*:0:0:Charlie :/root:/usr/local/bin/bash to this: root:*:0:0:Charlie :/root:/bin/sh Right? Correct. Then I keep using sudo all the time. But if I need to do some big work as root, I can su to root and get bash simply by typing: /usr/local/bin/bash Right? Correct. However, there's one more thing you need to know. When you use su, if you type % su, you become root, but you are using *your* path. If you want to use root's path, type %su -. That makes you root *with* root's path, and makes things much easier for you. Then just type % bash at the prompt, and you are using bash as your shell. The only gotcha (if you want to call it that) is that you have to type % exit twice to stop being root - once to get out of bash, and the second time to exit your su - session. Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
Tom Vilot wrote: Admittedly, I'm still a bit of a noob, but I can't stand any shell but bash. Then log in as your normal user and then do a 'su -m' -Tabor ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
re: bash- superuser
(sorry if I cocked up your threading, readers - I accidentally deleted Gregs mail and so pasted this from google groups). There are a couple of reasons why this shouldn't happen: 1. You don't normally start networking until you have mounted your local file systems. 2. The problem is related to the invocation of su(1). It's not clear why that's there. Still, it shows that there are issues. It may be sufficient to document them. People who follow the advice in The Complete FreeBSD won't run into this problem, since they won't install a separate /usr file system. I thought the issue was the ldconfig path not being set up at the point that pppd called su? pppd lives in /usr, after all :) Assuming that's wrong, doesn't freebsd have a notion of 'critical filesystems' and and 'pre-networking filesystems' a la NetBSD? I used to have to set this on netbsd to get wicontrol from /usr before dhcp and would be a non-issue if you statically linked bash (I can't think of any reason to want a dynamically linked one). One reason is that bash pulls in a lot of libraries. That's why we used dynamic libraries in the first place. That's a bit of a circular argument, isn't it? :) People Who Know have advised me in the past that the VM system performs better if you statically link common binaries - you get better reuse of memory. -- 'The pie is ready. You guys like swarms of things, right?' -- Bender Rasputin :: Jack of All Trades - Master of Nuns ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
On Mon, Dec 20, 2004 at 08:22:12AM -0700, Tom Vilot typed: Admittedly, I'm still a bit of a noob, but I can't stand any shell but bash. That's fine untill you're going to troubleshoot/administer a system with no bash installed. No problem for people to be productive with bash or whatever shell they prefer. Just not for root. You should not even use the root account unless absolutely necessary. Ya mean like ... ... editing /etc/rc.conf ... installing a port or package ... updating the ports tree and/or running portupgrade ... configuring the firewall ... backing up the file system ... checking /var/log files for attempts at cracking ... reading root's email ... rsyncing to a remote server I would be curious how I could do any of the above as someone other than root. While most of these tasks do indeed require root-privileges, none of them requires more then a single command line. This command line would be exactly the same wether you're using bash or [[t]c]sh so there's no reason for changing root's default shell here. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
On Mon, Dec 20, 2004 at 04:57:36PM +0100, Erik Norgaard typed: ... But I do like that bash shows me the options when autocomplete does not have a unique completion. set autolist will do the equivalent in [t]csh Ruben ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash- superuser
On Tue, Dec 21, 2004 at 10:14:15AM +, Dick Davies wrote: (sorry if I cocked up your threading, readers - I accidentally deleted Gregs mail and so pasted this from google groups). There are a couple of reasons why this shouldn't happen: 1. You don't normally start networking until you have mounted your local file systems. 2. The problem is related to the invocation of su(1). It's not clear why that's there. Still, it shows that there are issues. It may be sufficient to document them. People who follow the advice in The Complete FreeBSD won't run into this problem, since they won't install a separate /usr file system. I thought the issue was the ldconfig path not being set up at the point that pppd called su? pppd lives in /usr, after all :) Not quite. The issue was that the /etc/rc.d/ppp-user script calls su. su starts a shell - in this case it tried to start bash since that was root's shell. At that point in the process the system was not yet configured to find the libraries bash needed. ppp as such was fairly irrelevant - it was su that caused the problems. Assuming that's wrong, doesn't freebsd have a notion of 'critical filesystems' and and 'pre-networking filesystems' a la NetBSD? I used to have to set this on netbsd to get wicontrol from /usr before dhcp Probably, but /usr/local is probably not normally considered to be one. and would be a non-issue if you statically linked bash (I can't think of any reason to want a dynamically linked one). One reason is that bash pulls in a lot of libraries. That's why we used dynamic libraries in the first place. That's a bit of a circular argument, isn't it? :) People Who Know have advised me in the past that the VM system performs better if you statically link common binaries - you get better reuse of memory. That depends. If you run many instances of the same binary at the same time you will probably get slightly better performance if it is statically linked. On the other hand if you several different binaries running all linked to the same libraries, then you get better memory reuse if they are dynamically linked since only one copy of the library needs to be loaded into memory (at least the code parts of the library.) -- Insert your favourite quote here. Erik Trulsson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash- superuser
* Erik Trulsson [EMAIL PROTECTED] [1234 11:34]: On Tue, Dec 21, 2004 at 10:14:15AM +, Dick Davies wrote: I thought the issue was the ldconfig path not being set up at the point that pppd called su? pppd lives in /usr, after all :) Not quite. The issue was that the /etc/rc.d/ppp-user script calls su. su starts a shell - in this case it tried to start bash since that was root's shell. At that point in the process the system was not yet configured to find the libraries bash needed. ppp as such was fairly irrelevant - it was su that caused the problems. Sure, I mean that the filesystem *is* mounted at this point, so Greg not having a separate /usr won't help in this case. Assuming that's wrong, doesn't freebsd have a notion of 'critical filesystems' and and 'pre-networking filesystems' a la NetBSD? I used to have to set this on netbsd to get wicontrol from /usr before dhcp Probably, but /usr/local is probably not normally considered to be one. No, exactly, but my point is that if you were going to be using stuff from /usr/local, then you could set this in rc.conf and be sure: a) it was mounted b) ldconfig had at least looked at /usr/local/lib b) is tricky, on netbsd we generally do our linking at compile time so this kind of thing isn't an issue, so long as /usr/local/lib is available bash will work). -- 'When the door hits you in the ass on the way out, clean off the smudge your ass leaves, please' -- Alien loves Predator Rasputin :: Jack of All Trades - Master of Nuns ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
Giuliano Cardozo Medalha wrote: Hi, I have a machine with FreeBSD 5.3 - release -p2. I have installed bash from ports. How is possible to use bash in root account ? Thanks a lot Don't. Leave /bin/sh as your shell. If you want to run bash as root, log in as usual and then run 'exec bash' to replace your current shell with bash. This is a basic rule of hygiene when working as root. You'll appreciate working this way when you lose your /usr partition one day... David ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
On Mon, Dec 20, 2004 at 08:41:57AM -0200, Giuliano Cardozo Medalha wrote: I have a machine with FreeBSD 5.3 - release -p2. I have installed bash from ports. How is possible to use bash in root account ? Do not change the shell of the root account. If you have /usr or /usr/local on a separate partition, and you cannot mount for some reason, you wont be able to fix that, without booting from another device. But you can change the shell of the toor user, who has also a uid of 0. /GM ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
* Gerhard Meier [EMAIL PROTECTED] [1207 12:07]: On Mon, Dec 20, 2004 at 08:41:57AM -0200, Giuliano Cardozo Medalha wrote: I have a machine with FreeBSD 5.3 - release -p2. I have installed bash from ports. How is possible to use bash in root account ? Do not change the shell of the root account. If you have /usr or /usr/local on a separate partition, and you cannot mount for some reason, you wont be able to fix that, without booting from another device. No, but you'll still be able to use /bin/sh when going single user, so what's the big deal? I really don't get what the problem is with this 'sh is on the root' argument. Using bash is a lot more productive for many people, so why not let them use it? If you're really terrified of not knowing how to use sh, then stick a static bash in /bin. To the original poster: just be root and run 'chsh'. -- 'I should have been a plumber.' -- Albert Einstein Rasputin :: Jack of All Trades - Master of Nuns ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
On Mon, Dec 20, 2004 at 01:32:53PM +, Dick Davies typed: * Gerhard Meier [EMAIL PROTECTED] [1207 12:07]: On Mon, Dec 20, 2004 at 08:41:57AM -0200, Giuliano Cardozo Medalha wrote: I have a machine with FreeBSD 5.3 - release -p2. I have installed bash from ports. How is possible to use bash in root account ? Do not change the shell of the root account. If you have /usr or /usr/local on a separate partition, and you cannot mount for some reason, you wont be able to fix that, without booting from another device. No, but you'll still be able to use /bin/sh when going single user, so what's the big deal? Using a shell not contained in the root filesystem can cause problems even when not in single user mode. There are enough examples in the archives. I really don't get what the problem is with this 'sh is on the root' argument. Using bash is a lot more productive for many people, so why not let them use it? No problem for people to be productive with bash or whatever shell they prefer. Just not for root. You should not even use the root account unless absolutely necessary. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
Using a shell not contained in the root filesystem can cause problems even when not in single user mode. There are enough examples in the archives. Admittedly, I'm still a bit of a noob, but I can't stand any shell but bash. I really don't get what the problem is with this 'sh is on the root' argument. Using bash is a lot more productive for many people, so why not let them use it? No problem for people to be productive with bash or whatever shell they prefer. Just not for root. You should not even use the root account unless absolutely necessary. Ya mean like ... ... editing /etc/rc.conf ... installing a port or package ... updating the ports tree and/or running portupgrade ... configuring the firewall ... backing up the file system ... checking /var/log files for attempts at cracking ... reading root's email ... rsyncing to a remote server I would be curious how I could do any of the above as someone other than root. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
Tom Vilot wrote: Using a shell not contained in the root filesystem can cause problems even when not in single user mode. There are enough examples in the archives. Admittedly, I'm still a bit of a noob, but I can't stand any shell but bash. Is it a big problem just to start bash once you've logged in? I had it like you untill I discovered just how cool csh manage your command history: Type the first letter and it will only go trough commands with that letter, type two ... yeah you guessed right. But I do like that bash shows me the options when autocomplete does not have a unique completion. If it really annoys you, you can go through scripting the login such that it will start bash if it exists and otherwise csh/sh whatever. It is doable, I had my login create a time stamp file and open an editor on logout to produce a cvs-sort-of-like history - why where you root? Just not for root. You should not even use the root account unless absolutely necessary. Ya mean like ... ... editing /etc/rc.conf which you do only on new systems - about the first month of running. ... installing a port or package ... updating the ports tree and/or running portupgrade Have your ports tree writable by the staff/administrator group. When privileges needs to be elevated you are prompted for a password. ... configuring the firewall Which you don't do on a daily basis. ... backing up the file system Which is a cronjob. ... checking /var/log files for attempts at cracking Consider setting the permisions for the group so wheel members have read permissions. ... reading root's email You don't, just as you don't send email as root. root email should be forwarded to members of the wheel group, and a local copy only kept for reading when everything is down. Alternatively, with cyrus-imap you can share a common mail-box to specific users. I like this solution, as I can see if someone else had read the mail and hence assume they also took care of any problems. It is my experience that if mail is not forwarded the responsible will tend to forget to read it and problems may go unnoticed for days. ... rsyncing to a remote server rsyncing what? do you allow remote root login on your servers? I don't have anything that needs rsync by root, but even when I did, it was a cronjob. Certainly, there are things that need to be done as root, but these are typically single commands. You don't need a permanent root shell. If you have a major task to do as root, go ahead startup bash - what's the big problem? Cheers, Erik -- Ph: +34.666334818 web: www.locolomo.org S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9 Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
On Mon, Dec 20, 2004 at 01:07:16PM +0100, Gerhard Meier said: On Mon, Dec 20, 2004 at 08:41:57AM -0200, Giuliano Cardozo Medalha wrote: I have a machine with FreeBSD 5.3 - release -p2. I have installed bash from ports. How is possible to use bash in root account ? Do not change the shell of the root account. If you have /usr or /usr/local on a separate partition, and you cannot mount for some reason, you wont be able to fix that, without booting from another device. More to the point, you should not change the shell to something outside of the / partition. For example, you can change it to 'tcsh' or something like that, as it exists in /bin. -- Adam Smith Internode : http://www.internode.on.net Phone : (08) 8228 2999 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
On Mon, 20 Dec 2004 12:29:37 +0100, David Landgren [EMAIL PROTECTED] wrote: Giuliano Cardozo Medalha wrote: Hi, I have a machine with FreeBSD 5.3 - release -p2. I have installed bash from ports. How is possible to use bash in root account ? Thanks a lot Don't. Leave /bin/sh as your shell. 'Leave' /bin/sh as your shell makes it sound like /bin/sh is the default root shell. Did this change in FreeBSD 5.x? It appears that in 4.x, the root shell is /bin/csh by default, which [I believe] is linked to /bin/tcsh. -- Joshua Lokken Open Source Advocate ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
Dick Davies wrote: * Gerhard Meier [EMAIL PROTECTED] [1207 12:07]: On Mon, Dec 20, 2004 at 08:41:57AM -0200, Giuliano Cardozo Medalha wrote: I have a machine with FreeBSD 5.3 - release -p2. I have installed bash from ports. How is possible to use bash in root account ? Do not change the shell of the root account. If you have /usr or /usr/local on a separate partition, and you cannot mount for some reason, you wont be able to fix that, without booting from another device. No, but you'll still be able to use /bin/sh when going single user, so what's the big deal? I really don't get what the problem is with this 'sh is on the root' argument. Using bash is a lot more productive for many people, so why not let them use it? If you're really terrified of not knowing how to use sh, then stick a static bash in /bin. To the original poster: just be root and run 'chsh'. No. When you are logged in as root, you *should* have to go through extra hoops to get comfortable. I am not saying that you should not use bash when logged in as root. I am saying that you should not configure your root account to login with shell that is dysfunctional if /usr is unmounted. Yes, 'exec zsh' or whatever is a minor hassle, but it's there to remind you that root is different. If the OP had to ask, then it's pretty clear that he shouldn't. David ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
Joshua Lokken wrote: On Mon, 20 Dec 2004 12:29:37 +0100, David Landgren [EMAIL PROTECTED] wrote: [...] Leave /bin/sh as your shell. 'Leave' /bin/sh as your shell makes it sound like /bin/sh is the default root shell. Did this change in FreeBSD 5.x? It appears that in 4.x, the root shell is /bin/csh by default, which [I believe] is linked to /bin/tcsh. No, it's still /bin/csh. My bad. I hate csh so much I usually change it to /bin/sh :) David ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
- Original Message - From: Joshua Lokken [EMAIL PROTECTED] To: David Landgren [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, December 20, 2004 11:04 AM Subject: Re: bash - superuser On Mon, 20 Dec 2004 12:29:37 +0100, David Landgren [EMAIL PROTECTED] wrote: Giuliano Cardozo Medalha wrote: Hi, I have a machine with FreeBSD 5.3 - release -p2. I have installed bash from ports. How is possible to use bash in root account ? Thanks a lot Don't. Leave /bin/sh as your shell. 'Leave' /bin/sh as your shell makes it sound like /bin/sh is the default root shell. Did this change in FreeBSD 5.x? It appears that in 4.x, the root shell is /bin/csh by default, which [I believe] is linked to /bin/tcsh. -- Joshua Lokken Open Source Advocate csh is still the default root shell. At one time, systems required multiple drives due to space. So, these systems would have a partioning scheme such as: hda0 - / hda1 - /var hda2 - /swap hda3 - /usr ... and so on depending on their drive capacity at the time. Please keep in mind that this OS (and it's ancestors) were running on systems that had multiple drives with 20mb or less in their day. The tree has constantly grown from those days. As such, many admins use this scheme today because they either have used this scheme for 10's of years and don't wish to change their ways. Personal and/or financial reasoning aside as to why they don't wish to change is totally their decision. Even so, there are some good points to this methodology. It provides the ability to not lose the entire system in the event of drive failure. In this method, having the root shell on another partition invites failure for the entire system should root's shell reside on a crashed / failed partition. No root, no repair capability. On the other hand, many admins use a system with a single drive in them and use NIS/NFS as their userland drive space. Some may even have /usr/ itself fed from NFS. In either method, if you want to use anything other than csh, you will need to move it to /bin. You want it to be uncorruptable in the event of breach. So, if you still wish to use bash as the root shell, copy the executable into /bin, add it to /etc/shells, and set it immutable (chflags schg /bin/bash) so that in the event of breach, the shell is still unable to be modified and will be reachable in the event of NFS or partition failure. With the state of drives, raid arrays, etc in todays world, either way will work just as good as the other. Each person has their own preferences for their own reasons. -- Micheal Patterson Senior Communications Systems Engineer 405-917-0600 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
* Ruben de Groot [EMAIL PROTECTED] [1250 14:50]: Using a shell not contained in the root filesystem can cause problems even when not in single user mode. There are enough examples in the archives. Indulge me with an example? -- 'When the door hits you in the ass on the way out, clean off the smudge your ass leaves, please' -- Alien loves Predator Rasputin :: Jack of All Trades - Master of Nuns ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
Using a shell not contained in the root filesystem can cause problems even when not in single user mode. There are enough examples in the archives. Admittedly, I'm still a bit of a noob, but I can't stand any shell but bash. I really don't get what the problem is with this 'sh is on the root' argument. Using bash is a lot more productive for many people, so why not let them use it? No problem for people to be productive with bash or whatever shell they prefer. Just not for root. You should not even use the root account unless absolutely necessary. Ya mean like ... ... editing /etc/rc.conf ... installing a port or package ... updating the ports tree and/or running portupgrade ... configuring the firewall ... backing up the file system ... checking /var/log files for attempts at cracking ... reading root's email ... rsyncing to a remote server I would be curious how I could do any of the above as someone other than root. Then the thing to do is create another root account and make the default shell for that one be bash, leaving the root root be /bin/sh. Then, just use the other account for all that stuff, and keep the root root pristine for disasters. Alternatively, while you are logged in as the root root and the needed file systems are mounted, type '/usr/local/bin/bash' or whatever path it is installed as and viola you have bash. jerry ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
* David Landgren [EMAIL PROTECTED] [1241 17:41]: Dick Davies wrote: To the original poster: just be root and run 'chsh'. No. When you are logged in as root, you *should* have to go through extra hoops to get comfortable. On my box I have a # prompt to tell me I'm root. I don't sit on a drawing pin when I su just to remind me I have godly powers, and I don't see why I should be banging zeroes together to get ones when I can be more productive (and therefore spend less time with escalated privileges) in bash. I am not saying that you should not use bash when logged in as root. I am saying that you should not configure your root account to login with shell that is dysfunctional if /usr is unmounted. Look, if /usr is unmounted and you are logged in, you are on the console : [EMAIL PROTECTED] gdm2 # which sshd /usr/sbin/sshd so you may as well be single user and pick the shell you want. If /usr is hosed, run /bin/*sh. What's the problem? Yes, 'exec zsh' or whatever is a minor hassle, but it's there to remind you that root is different. Sorry, but this is just dogma. Give me a benefit of not changing roots shell that isn't either: a) csh is really shitty, so encourages you not to su b) if your shell is in /usr you will be screwed if /usr is unmounted c) 'bash is for teh lam0rs' ( ok no-ones explicitly mentioned this yet, but admit it, it entered your head :) ) or let's just drop it. This thread has come back from the dead more than Captain Scarlet, it just gets my goat everytime I hear the same dubious arguments. -- 'Everyone's always in favour of saving Hitler's brain, but when you put it in the body of a Great White shark suddenly you've gone too far..' -- Prof. Farnsworth Rasputin :: Jack of All Trades - Master of Nuns ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
On Monday, 20 December 2004 at 15:52:27 +0100, Ruben de Groot wrote: On Mon, Dec 20, 2004 at 01:32:53PM +, Dick Davies typed: * Gerhard Meier [EMAIL PROTECTED] [1207 12:07]: On Mon, Dec 20, 2004 at 08:41:57AM -0200, Giuliano Cardozo Medalha wrote: I have a machine with FreeBSD 5.3 - release -p2. I have installed bash from ports. How is possible to use bash in root account ? Do not change the shell of the root account. If you have /usr or /usr/local on a separate partition, and you cannot mount for some reason, you wont be able to fix that, without booting from another device. No, but you'll still be able to use /bin/sh when going single user, so what's the big deal? Using a shell not contained in the root filesystem can cause problems even when not in single user mode. There are enough examples in the archives. This is a particularly tenacious rumour. I've been using bash as my root shell on many different UNIX platforms for nearly 14 years, and I've never had any problems. I've also never seen any substantiated problems reported anywhere. Greg -- See complete headers for address and phone numbers. pgpnhLc6Jamfv.pgp Description: PGP signature
Re: bash - superuser
On Tue, Dec 21, 2004 at 10:30:20AM +1030, Greg 'groggy' Lehey wrote: On Monday, 20 December 2004 at 15:52:27 +0100, Ruben de Groot wrote: On Mon, Dec 20, 2004 at 01:32:53PM +, Dick Davies typed: * Gerhard Meier [EMAIL PROTECTED] [1207 12:07]: On Mon, Dec 20, 2004 at 08:41:57AM -0200, Giuliano Cardozo Medalha wrote: I have a machine with FreeBSD 5.3 - release -p2. I have installed bash from ports. How is possible to use bash in root account ? Do not change the shell of the root account. If you have /usr or /usr/local on a separate partition, and you cannot mount for some reason, you wont be able to fix that, without booting from another device. No, but you'll still be able to use /bin/sh when going single user, so what's the big deal? Using a shell not contained in the root filesystem can cause problems even when not in single user mode. There are enough examples in the archives. This is a particularly tenacious rumour. I've been using bash as my root shell on many different UNIX platforms for nearly 14 years, and I've never had any problems. I've also never seen any substantiated problems reported anywhere. There was actually an actual problem with having bash as root shell reported on this very list about a week ago. See http://docs.FreeBSD.org/cgi/mid.cgi?41C0CC10.4020109 and http://docs.FreeBSD.org/cgi/mid.cgi?20041216001329.GA37679 for the conclusion of the thread. -- Insert your favourite quote here. Erik Trulsson [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
* Erik Trulsson [EMAIL PROTECTED] [1224 00:24]: On Tue, Dec 21, 2004 at 10:30:20AM +1030, Greg 'groggy' Lehey wrote: On Monday, 20 December 2004 at 15:52:27 +0100, Ruben de Groot wrote: On Mon, Dec 20, 2004 at 01:32:53PM +, Dick Davies typed: * Gerhard Meier [EMAIL PROTECTED] [1207 12:07]: On Mon, Dec 20, 2004 at 08:41:57AM -0200, Giuliano Cardozo Medalha wrote: I have a machine with FreeBSD 5.3 - release -p2. I have installed bash from ports. How is possible to use bash in root account ? Do not change the shell of the root account. If you have /usr or /usr/local on a separate partition, and you cannot mount for some reason, you wont be able to fix that, without booting from another device. No, but you'll still be able to use /bin/sh when going single user, so what's the big deal? Using a shell not contained in the root filesystem can cause problems even when not in single user mode. There are enough examples in the archives. This is a particularly tenacious rumour. I've been using bash as my root shell on many different UNIX platforms for nearly 14 years, and I've never had any problems. I've also never seen any substantiated problems reported anywhere. There was actually an actual problem with having bash as root shell reported on this very list about a week ago. See http://docs.FreeBSD.org/cgi/mid.cgi?41C0CC10.4020109 and http://docs.FreeBSD.org/cgi/mid.cgi?20041216001329.GA37679 for the conclusion of the thread. I can't see the beginning of the thread there, but ISTR that's a problem with the pppd script running before the dynamic library path is set up (so being unable to see /usr/local/lib). That's hardly a bash issue, and would be a non-issue if you statically linked bash (I can't think of any reason to want a dynamically linked one). -- 'In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move.' -- The Guide Rasputin :: Jack of All Trades - Master of Nuns ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bash - superuser
On Tuesday, 21 December 2004 at 0:45:45 +, Dick Davies wrote: * Erik Trulsson [EMAIL PROTECTED] [1224 00:24]: On Tue, Dec 21, 2004 at 10:30:20AM +1030, Greg 'groggy' Lehey wrote: On Monday, 20 December 2004 at 15:52:27 +0100, Ruben de Groot wrote: On Mon, Dec 20, 2004 at 01:32:53PM +, Dick Davies typed: * Gerhard Meier [EMAIL PROTECTED] [1207 12:07]: On Mon, Dec 20, 2004 at 08:41:57AM -0200, Giuliano Cardozo Medalha wrote: I have a machine with FreeBSD 5.3 - release -p2. I have installed bash from ports. How is possible to use bash in root account ? Do not change the shell of the root account. If you have /usr or /usr/local on a separate partition, and you cannot mount for some reason, you wont be able to fix that, without booting from another device. No, but you'll still be able to use /bin/sh when going single user, so what's the big deal? Using a shell not contained in the root filesystem can cause problems even when not in single user mode. There are enough examples in the archives. This is a particularly tenacious rumour. I've been using bash as my root shell on many different UNIX platforms for nearly 14 years, and I've never had any problems. I've also never seen any substantiated problems reported anywhere. There was actually an actual problem with having bash as root shell reported on this very list about a week ago. See http://docs.FreeBSD.org/cgi/mid.cgi?41C0CC10.4020109 and http://docs.FreeBSD.org/cgi/mid.cgi?20041216001329.GA37679 for the conclusion of the thread. I can't see the beginning of the thread there, but ISTR that's a problem with the pppd script running before the dynamic library path is set up (so being unable to see /usr/local/lib). Yes, that's correct. That's hardly a bash issue, It can't happen if you use a standard shell, so to a certain extent it's a valid criticism of my statement. I'm still thinking about the implications. There are a couple of reasons why this shouldn't happen: 1. You don't normally start networking until you have mounted your local file systems. 2. The problem is related to the invocation of su(1). It's not clear why that's there. Still, it shows that there are issues. It may be sufficient to document them. People who follow the advice in The Complete FreeBSD won't run into this problem, since they won't install a separate /usr file system. and would be a non-issue if you statically linked bash (I can't think of any reason to want a dynamically linked one). One reason is that bash pulls in a lot of libraries. That's why we used dynamic libraries in the first place. In any case, we're not talking about custom shell builds here. Greg -- When replying to this message, please copy the original recipients. If you don't, I may ignore the reply or reply to the original recipients. For more information, see http://www.lemis.com/questions.html See complete headers for address and phone numbers. pgp7fg0yOk2hd.pgp Description: PGP signature
