freebsd at edvax.de
Sun Mar 1 17:55:18 PST 2009
On Sun, 1 Mar 2009 17:43:55 +0100, Daniel Lannstrom <op at trekdanne.se> wrote:
> On Sun, Mar 01, 2009 at 11:11:56AM -0500, Glen Barber wrote:
> > This explains one of the reasons not to change root's shell:
> > http://www.freebsd.org/doc/en/books/faq/security.html#TOOR-ACCOUNT
> Yes that's exactly what I meant. Is there any other reason except for
> that? As I see it that problem can easily be solved by copying bash to
> the root file system. Also many systems today have the root and /usr
> on the same file system.
I wouldn't rely on the "many systems today" assumption.
As an addition, I'd like to mention that there are "two root shells":
First is the system's standard scripting shell /bin/sh which is
usually invoked first when entering maintenance mode (single user
mode). As well as FreeBSD's standard dialog shell /bin/csh it resides
on the / partition.
Maybe it can be seen as an "unwritten law", or at least as a kind
of well-intended suggestion to use /bin/csh for root's dialog shell
as well as /bin/sh for scripting. It may be considered "old-fashioned",
but it has served well to follow this suggestion over the years.
Just as a very individual example, I haven't found any need to
install BASH on any system I've done so far. But it's completely
okay to have BASH as a user's dialog shell when the system is up
and running well.
Furthermore, I don't think copying the bash* binary is sufficient
to have BASH in SUM in a problem situation (which is: / is mounted
ro, nothing else mounted). Reason:
  % which bash | xargs ldd
        libncurses.so.7 => /lib/libncurses.so.7 (0x280ff000)
        libintl.so.8 => /usr/local/lib/libintl.so.8 (0x2813d000)
        libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28146000)
        libc.so.7 => /lib/libc.so.7 (0x2823b000)
There are library dependencies on the /usr partition.
From Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
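
The ldd check from the message above, as an added example that is not part of the original post: a POSIX sh function that reads ldd output and lists every library that would be missing with only / mounted. The function name deps_off_root and the assumption that /usr is a separate partition are illustrative; the sample input is constructed from the lines quoted in the message.

```shell
#!/bin/sh
# Added example: decide whether a shell binary could run with only the
# root file system mounted, by inspecting its ldd output.

# Constructed sample: the four ldd lines quoted in the message.
SAMPLE_LDD='libncurses.so.7 => /lib/libncurses.so.7 (0x280ff000)
libintl.so.8 => /usr/local/lib/libintl.so.8 (0x2813d000)
libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28146000)
libc.so.7 => /lib/libc.so.7 (0x2823b000)'

# deps_off_root: read ldd output on stdin and print each dependency that
# resolves under /usr (assumed to be a separate partition) or that ldd
# could not resolve at all. Returns 0 if nothing was flagged, 1 otherwise.
deps_off_root() {
    awk '
        $2 == "=>" && $3 ~ /^\/usr\// { print $3; bad = 1 }
        $2 == "=>" && $3 == "not"     { print $1 " (not found)"; bad = 1 }
        END { exit bad ? 1 : 0 }
    '
}

# check_binary: run the same check against a real binary, e.g.
#   check_binary "$(which bash)"
# A statically linked binary produces no dependency lines and passes.
check_binary() {
    ldd "$1" 2>/dev/null | deps_off_root
}

# Demonstration on the constructed sample.
if off=$(printf '%s\n' "$SAMPLE_LDD" | deps_off_root); then
    echo "all dependencies are on the root file system"
else
    echo "not usable with only / mounted; needs:"
    echo "$off"
fi
```
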