Why reccomend Bash shell?
Paul Schmehl
pauls at utdallas.edu
Thu Dec 16 08:12:41 PST 2004
--On Thursday, December 16, 2004 11:11:03 AM +0000 Matthew Seaman
<m.seaman at infracaninophile.co.uk> wrote:
>
> On point that no one has mentioned on this list yet is that it is a good
> idea to have root's shell be entirely contained on the root partition of
> the system -- ie. not just the executable, but any shlibs it requires as
> well. There's been a thread over on freebsd-ports at ... about ppp(8)
> apparently failing because of problems linking libintl -- which actually
> turned out to be because root's shell had been changed to bash(1).
>
I'm curious to know why you would change root's shell to bash. You can
change shells at the cli easily. What's one more command before you start
working?
>
> On the other hand, I take the view that the less done by the super user
> the better, and discourage myself to use sudo(1) preferentially and to
> keep su(1) sessions as short as possible by making root's shell as
> /unfriendly/ as possible.
>
Is this a religious argument? Or is there a sound security basis for it?
I ask because I'm not sure I see the difference. I prefer to leave sudo
set up to prompt for a password. This at least reminds you that what
you're doing is "root's" work (and if you screw up, you could do "bad"
things.) If I'm going to do a lot of work, I just su - to root, do the
work and then get out. I don't allow remote root access, so I'm wondering
- am I exposing my systems to some unnecessary risk? Or is this just a
matter of personal preference?
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
More information about the freebsd-questions
mailing list