Root shell

Geoff Fritz gfritz at gmail.com
Sun Mar 1 10:40:20 PST 2009


On Sun, Mar 01, 2009 at 04:16:50PM +0000, Frank Shute wrote:
> On Sun, Mar 01, 2009 at 03:50:29PM +0100, Sniper wrote:
> >
> > Hi!
> > 
> > I heard that changing root shell to bash is not a good idea, also programming
> > in any C shell not applicable. So which shell is the most appropriate for
> > root user ?
> > 
> 
> I changed my root shell to pdksh with no ill-effects. I just copied it
> from /usr/local/bin to /bin and added it to /etc/shells. Then vipw.
> 
> pdksh is statically linked and I don't know if bash is. If it's not
> you won't be able to use it in single user mode but you can always use
> /bin/sh instead.

I, too, like pdksh for my root accounts.  If I have a system where
/usr/local does not share the / device, I will copy it over.  There's the
WITH_STATIC_BASH knob to make bash a static binary, as well.  As noted by
someone in the archives, ksh-alikes have issues allocating a tty when used
in a jail accessed via jexec, so beware of that.

As system shell scripts have their correctly defined #! shell (/bin/sh), it
really doesn't matter what you use for an interactive shell so long as you
trust the source distribution of that shell (which should be an obvious
conclusion, since the FreeBSD team is only responsible for those shells that
come packaged with the base OS).

Purists will note that root's choice of shell is of no consequence since
nobody should be using the root account for any serious long-term
interactive use in the first place.  Except for environments where there's
an assumed lack of trust in the admins (use sudo), delegation of root-like
powers to lesser admins (use sudo), or strict audit/logging requirements
(use sudosh or more serious auditing mechanisms), I personally feel that
hobbling an admin with a non-root account is of dubious value.

In any case, there's no functional reason to not use the shell of your
choice.  However, individuals or organizations will strongly differ in their
admin philosophy.

-- Geoff
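
A check for the setup discussed in this thread (a root shell that is listed in /etc/shells and still reachable when only / is mounted), added here as an example and not written by any poster. The function name audit_root_shells, the verdict strings and the sample files are assumptions of this example.

```sh
#!/bin/sh
# Added example: report the login shell of every UID 0 account.
# Usage: audit_root_shells PASSWD_FILE SHELLS_FILE
# Prints "user shell verdict" per account; returns 1 if any verdict is not OK.
# It does not test whether the shell binary is statically linked.
audit_root_shells() {
    passwd_file=$1; shells_file=$2; rc=0
    # UID is field 3 and the shell is the last field in both passwd and
    # master.passwd. Compare as a string: in awk, a missing field == 0.
    for entry in $(awk -F: '!/^#/ && NF >= 7 && $3 == "0" { print $1 ":" $NF }' \
                   "$passwd_file"); do
        user=${entry%%:*}
        shell=${entry#*:}
        shell=${shell:-/bin/sh}      # an empty shell field means /bin/sh
        verdict=OK
        # Heuristic (assumption): /usr may be a separate filesystem that is
        # not mounted in single-user mode.
        case $shell in /usr/*) verdict=UNDER_USR ;; esac
        # shells file: one path per line, '#' starts a comment.
        if ! sed -e 's/#.*//' -e 's/[[:space:]]*$//' "$shells_file" |
             grep -Fxq -- "$shell"; then
            verdict=NOT_IN_SHELLS
        fi
        [ "$verdict" = OK ] || rc=1
        printf '%s %s %s\n' "$user" "$shell" "$verdict"
    done
    return "$rc"
}

# Constructed sample files, not taken from a real system.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# constructed master.passwd' \
    'root:*:0:0::0:0:Charlie &:/root:/usr/local/bin/bash' \
    'toor:*:0:0::0:0:Bourne-again Superuser:/root:' \
    'geoff:*:1001:1001::0:0:Admin:/home/geoff:/bin/pdksh' > "$tmp/master.passwd"
printf '%s\n' '/bin/sh' '/bin/csh  # base' '/usr/local/bin/bash' > "$tmp/shells"
audit_root_shells "$tmp/master.passwd" "$tmp/shells" || echo "review the UID 0 shells above"
```

On a live system the arguments would be /etc/master.passwd (or /etc/passwd) and /etc/shells.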


More information about the freebsd-questions mailing list