fbsd.questions at rachie.is-a-geek.net
Tue Mar 3 09:05:35 PST 2009
On Sunday 01 March 2009 07:47:44 Glen Barber wrote:
> On Sun, Mar 1, 2009 at 11:43 AM, Daniel Lannstrom <op at trekdanne.se> wrote:
> > On Sun, Mar 01, 2009 at 11:11:56AM -0500, Glen Barber wrote:
> >> This explains one of the reasons not to change root's shell:
> >> http://www.freebsd.org/doc/en/books/faq/security.html#TOOR-ACCOUNT
> > Yes that's exactly what I meant. Is there any other reason except for
> > that? As I see it that problem can easily be solved by copying bash to
> > the root file system. Also many systems today have the root and /usr
> > on the same file system.
> You'd have to also copy more than just the binary file.
True, that's why ports respect PREFIX.
> It's more
> complex than that, and generally is a Bad Idea(tm).
FUD. Just use:
make -C /usr/ports/shells/bash -DWITH_STATIC_BASH PREFIX=/
(or PREFIX=/opt or PREFIX=/static or whatever, just as long as it resides on
the root partition).
If something isn't working that should work (f.e. rc.d scripts), it's easy to
chsh -s /bin/csh, relog and see if it works then. I've seen one case where a
startup script didn't work because root shell was zsh. Judging from that
case, zsh thought it was running interactively or PROMPTS set in .zlogin
rather then .zshrc and various tty related commands screwed things up. Also,
zsh is more aggressive on correcting command line arguments. All this
ammounts to "know your shell" which is an argument *for* changing root's
shell to something you're familiar with, rather leaving it at csh out of
Problem with today's modular software: they start with the modules
and never get to the software part.
More information about the freebsd-questions