Why reccomend Bash shell?
pauls at utdallas.edu
Thu Dec 16 08:12:41 PST 2004
--On Thursday, December 16, 2004 11:11:03 AM +0000 Matthew Seaman
<m.seaman at infracaninophile.co.uk> wrote:
> On point that no one has mentioned on this list yet is that it is a good
> idea to have root's shell be entirely contained on the root partition of
> the system -- ie. not just the executable, but any shlibs it requires as
> well. There's been a thread over on freebsd-ports at ... about ppp(8)
> apparently failing because of problems linking libintl -- which actually
> turned out to be because root's shell had been changed to bash(1).
I'm curious to know why you would change root's shell to bash. You can
change shells at the cli easily. What's one more command before you start
> On the other hand, I take the view that the less done by the super user
> the better, and discourage myself to use sudo(1) preferentially and to
> keep su(1) sessions as short as possible by making root's shell as
> /unfriendly/ as possible.
Is this a religious argument? Or is there a sound security basis for it?
I ask because I'm not sure I see the difference. I prefer to leave sudo
set up to prompt for a password. This at least reminds you that what
you're doing is "root's" work (and if you screw up, you could do "bad"
things.) If I'm going to do a lot of work, I just su - to root, do the
work and then get out. I don't allow remote root access, so I'm wondering
- am I exposing my systems to some unnecessary risk? Or is this just a
matter of personal preference?
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
More information about the freebsd-questions