bash - superuser
Erik Norgaard
norgaard at locolomo.org
Mon Dec 20 07:57:49 PST 2004
Tom Vilot wrote:
>> Using a shell not contained in the root filesystem can cause problems
>> even when not in single user mode. There are enough examples in the
>> archives.
>
> Admittedly, I'm still a bit of a noob, but I can't stand any shell but
> bash.
Is it a big problem just to start bash once you've logged in?
I had it like you until I discovered just how cool csh manages your
command history: Type the first letter and it will only go through
commands with that letter, type two ... yeah you guessed right.
But I do like that bash shows me the options when autocomplete does not
have a unique completion.
If it really annoys you, you can go through scripting the login such
that it will start bash if it exists and otherwise csh/sh whatever.
It is doable, I had my login create a time stamp file and open an editor
on logout to produce a cvs-sort-of-like history - why were you root?
>> Just not for root. You should not even use the root account
>> unless absolutely necessary.
>>
> Ya mean like ...
>
> ... editing /etc/rc.conf
which you do only on new systems - about the first month of running.
> ... installing a port or package
> ... updating the ports tree and/or running portupgrade
Have your ports tree writable by the staff/administrator group. When
privileges need to be elevated you are prompted for a password.
> ... configuring the firewall
Which you don't do on a daily basis.
> ... backing up the file system
Which is a cronjob.
> ... checking /var/log files for attempts at cracking
Consider setting the permissions for the group so wheel members have read
permissions.
> ... reading root's email
You don't, just as you don't send email as root. root email should be
forwarded to members of the wheel group, and a local copy only kept for
reading when everything is down.
Alternatively, with cyrus-imap you can share a common mail-box to
specific users. I like this solution, as I can see if someone else had
read the mail and hence assume they also took care of any problems.
It is my experience that if mail is not forwarded the responsible will
tend to forget to read it and problems may go unnoticed for days.
> ... rsyncing to a remote server
Rsyncing what? Do you allow remote root login on your servers? I don't
have anything that needs rsync by root, but even when I did, it was a
cronjob.
Certainly, there are things that need to be done as root, but these are
typically single commands.
You don't need a permanent root shell. If you have a major task to do as
root, go ahead and start up bash - what's the big problem?
Cheers, Erik
--
Ph: +34.666334818 web: www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
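
The login scripting suggested in the message above ("start bash if it exists and otherwise csh/sh"), as an added example that is not part of the original post. It assumes the account's login shell stays /bin/sh and the fragment lives in ~/.profile; the candidate paths, the function names and the PREFERRED_SHELL_STARTED variable are assumptions made for illustration.

```shell
# ~/.profile fragment (added example; assumes the login shell remains /bin/sh).
# The login shell itself stays on the root filesystem, so a missing or
# unmounted /usr/local cannot lock the account out.

# pick_shell CANDIDATE...
# Print the first candidate that is a regular, executable file.
# Print /bin/sh when no candidate qualifies.
pick_shell() {
    for candidate in "$@"; do
        if [ -f "$candidate" ] && [ -x "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    printf '%s\n' /bin/sh
}

# start_preferred_shell
# Replace the login shell with the preferred one, for interactive logins only.
start_preferred_shell() {
    # Non-interactive sessions (cron jobs, scp, rsync over ssh) keep /bin/sh.
    case $- in
        *i*) ;;
        *) return 0 ;;
    esac
    # Do not hand over twice if the new shell reads this file again.
    if [ -n "${PREFERRED_SHELL_STARTED:-}" ]; then
        return 0
    fi
    # Candidate paths are assumptions; list them in order of preference.
    preferred=$(pick_shell /usr/local/bin/bash /bin/csh)
    if [ "$preferred" = /bin/sh ]; then
        return 0    # nothing better is available, stay where we are
    fi
    PREFERRED_SHELL_STARTED=1
    SHELL=$preferred
    export PREFERRED_SHELL_STARTED SHELL
    exec "$preferred"
}

start_preferred_shell
```
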