bash - superuser

Erik Norgaard norgaard at locolomo.org
Mon Dec 20 07:57:49 PST 2004


Tom Vilot wrote:
>> Using a shell not contained in the root filesystem can cause problems 
>> even when not in single user mode. There are enough examples in the 
>> archives.
> 
> Admittedly, I'm still a bit of a noob, but I can't stand any shell but 
> bash.

Is it a big problem just to start bash once you've logged in?

I had it like you until I discovered just how cool csh manages your 
command history: Type the first letter and it will only go through 
commands with that letter, type two ... yeah you guessed right.

But I do like that bash shows me the options when autocomplete does not 
have a unique completion.

If it really annoys you, you can go through scripting the login such 
that it will start bash if it exists and otherwise csh/sh whatever.
It is doable, I had my login create a time stamp file and open an editor 
on logout to produce a cvs-sort-of-like history - why were you root?

>> Just not for root. You should not even use the root account 
>> unless absolutely necessary.
>>
> Ya mean like ...
> 
>  ... editing /etc/rc.conf

which you do only on new systems - about the first month of running.

>  ... installing a port or package
>  ... updating the ports tree and/or running portupgrade

Have your ports tree writable by the staff/administrator group. When 
privileges need to be elevated you are prompted for a password.

>  ... configuring the firewall

Which you don't do on a daily basis.

>  ... backing up the file system

Which is a cronjob.

>  ... checking /var/log files for attempts at cracking

Consider setting the permissions for the group so wheel members have read 
permissions.

>  ... reading root's email

You don't, just as you don't send email as root. root email should be 
forwarded to members of the wheel group, and a local copy only kept for 
reading when everything is down.

Alternatively, with cyrus-imap you can share a common mailbox with 
specific users. I like this solution, as I can see if someone else has 
read the mail and hence assume they also took care of any problems.

It is my experience that if mail is not forwarded, the responsible person 
will tend to forget to read it and problems may go unnoticed for days.

>  ... rsyncing to a remote server

rsyncing what? Do you allow remote root login on your servers? I don't 
have anything that needs rsync by root, but even when I did, it was a 
cronjob.

Certainly, there are things that need to be done as root, but these are 
typically single commands.

You don't need a permanent root shell. If you have a major task to do as 
root, go ahead and start up bash - what's the big problem?

Cheers, Erik

-- 
Ph: +34.666334818                                  web: www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
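The login scripting Erik describes above (start bash only if it is actually present, otherwise fall back to a base-system shell), as an added example that is not part of the original message. It assumes root keeps /bin/sh as the login shell, reads a POSIX-sh ~/.profile, and that the preferred shells live under the ports prefix /usr/local/bin.

```shell
#!/bin/sh
# Added example, not from the thread: keep root's login shell as /bin/sh
# (always on the root filesystem) and only hand over to a shell living in
# /usr/local when it is really there. Candidate paths, function names and
# the ~/.profile placement are assumptions for illustration.

# Print the first executable shell from a colon-separated candidate list.
# Falls back to /bin/sh (and returns 1) when none is usable, so an
# unmounted /usr in single-user mode or a deinstalled port never leaves
# root without a working shell.
pick_shell() {
    candidates="$1"
    fallback="${2:-/bin/sh}"
    oldifs="$IFS"
    IFS=:
    for cand in $candidates; do
        if [ -x "$cand" ]; then
            IFS="$oldifs"
            printf '%s\n' "$cand"
            return 0
        fi
    done
    IFS="$oldifs"
    printf '%s\n' "$fallback"
    return 1
}

# Intended for root's ~/.profile: switch shells only for interactive
# logins, and never re-exec when bash itself is the one reading the file.
maybe_exec_preferred() {
    case "$-" in *i*) ;; *) return 0 ;; esac
    [ -z "$BASH_VERSION" ] || return 0
    preferred=$(pick_shell /usr/local/bin/bash:/usr/local/bin/zsh) || return 0
    SHELL="$preferred"
    export SHELL
    exec "$preferred" -l
}

maybe_exec_preferred
```

Because the chsh entry never changes, a broken or missing /usr/local/bin/bash degrades to the stock /bin/sh prompt instead of a failed login.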

