I have held off from replying to this thread, but felt now was the time to
reply. As an FYI, I have been changing root's shell on Solaris since the
version 2.5 time frame, when my religion changed from Bourne to csh. :) Since
that time, I have never had any problems recovering from corrupted root file
systems, running init/run control scripts, etc.
To also follow up, I am posting an email from my personal (email) archives.
This is an old post, and I don't know if it is on line or on the web anywhere.
I just thought that it was a well written and technically accurate document.
Hope this helps,
Jerry Kemp
.........................................................................
From: "Brown, Melissa" <[EMAIL PROTECTED]>
Date: Wed Aug 16, 2000 06:12:11 PM US/Central
To: [email protected]
Subject: Re: Proposed Solaris Rootshell FAQ
Reply-To: Focus on Sun Mailing List <[email protected]>
Well said!! Thanks for the remarks!!
I know I appreciate the one for sysadmins spending too much time as root.
Geesh, the only time I ever log on to the servers to do anything requires
root! I have nothing else to do on the machine!
:-)
Thanks again,
Melissa
-----Original Message-----
From: Roger Marquis [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 16, 2000 2:33 PM
To: [email protected]
Subject: Proposed Solaris Rootshell FAQ
It's a really bad thing replacing the root sh in solaris systems in
case of any system malfunction and if it drops you to the maintenance
shell (with no multiuser) to maintain system disks for example it could
be a very hard way to do any task as well as if the other shell u will
use is mounted on any other disk or partition rather than the root
partition it will be dramatically a misery for your solaris box.
Given all the FUD that always accompany this old administrators wives
tale I'd like to propose the following Solaris Root Shell FAQ.
FUD) the password file will get misedited and the root account will
be locked-out.
While it's always possible to mis-edit /etc/password using
a text editor this does not mean that the root shell shouldn't
be changed. It does mean that the password file should be edited
with "vipw" instead of "vi /etc/passwd".
FUD) SunSolve FAQs and SRDBs strongly suggest that you not change
root's shell.
Perhaps several years ago but a cursory search for [root shell]
turned up a number of articles explaining how to chage the root shell
safely (FAQ ID 2707, SRDB ID 6282, and SRDB ID 6307).
FUD) claims that cron scripts won't work if the root shell is
changed.
Cron scripts are executed under Bourne shell regardless of
the root shell. This has been the case since at least SunOS 3,
if not SunOS 1.
FUD) claims that /etc/rc scripts won't work if the root shell is
changed.
This was partly true several years ago. From 2.3 onward (1994?) all
system rc scripts execute correctly regardless of the root shell.
FUD) sysadmins are spending too much time as root if they want to
change the shell.
Professional systems administrators spend a large portion of their
time as root because it's part of their job. While it is true that
tasks which can be performed as a non-root user generally should,
this does not mean that admins have no legitimate reasons for
frequently accessing the root account nor that these admins cannot be
more productive with a modern root shell, whether defined in the
password file or run as a separate command.
FUD) you'll need a CDROM drive on any machine where the root shell
is changed, in case you need to boot to another password file.
As long as the root shell is correctly defined, on the root
partition, and /usr/lib is on the root partition there is no problem
booting single-user and logging-in as root using a dynamically linked
shell.
Since the advent of 1GB hard drives several years ago there has been
no good reason for partitioning /usr. If your system has a partition
for /usr or /usr/lib it would be prudent to move it to the root
partition, which should have several hundred MB free. Depending on a
server's applications /var/spool, /var/tmp, /opt, and/or /usr/local
may need their own partition, but /usr shouldn't.
FUD) There are many reasons to not change the root shell all you
need to know is to never do it again.
Claims that anything is "all you need to know" are
generally incorrect.
--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
_______________________________________________
Solaris-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/solaris-users
