Polytropon freebsd at
Tue Jun 30 14:04:56 UTC 2020

On Tue, 30 Jun 2020 06:33:44 -0700, Donald Wilde wrote:
> I would add only one suggestion here, and that would be to consider
> using bash-static and parking it in a place where it is available in
> the event of an excruciating mishap.

This is usually where the "toor" user is interesting: It is
for interactive use, but in the worst case, regular "root" will
always work as expected.

> The only concern with doing so is that doing so causes the (larger!)
> bash-static kernel to be used everywhere. If you have lots of regular
> users with console prompts, this could be painful.

You could "manually install" a statically-linked version of
bash into /bin, and make it root:wheel + chmod 4000 (setuid),
so no regular user can execute it; for them, make sure that
the location of bash, usually /usr/local/bin/bash, is
reflected in a $PATH where /usr/local/bin is before /bin
(quite inelegant, but should work).

> I haven't done this, but it should be possible to install both
> bash-static and bash. One would have to rename the first (bash-static)
> to something other than 'bash' and add that to the /etc/shells file,
> but after doing so also install the bash package with the
> non-monolithic binary 'bash' and use that as the shell for regular
> users.

That is an even better approach. :-)

On Tue, 30 Jun 2020 09:46:08 -0400, D'Arcy Cain wrote:
> I use bash for my user and root shell.  To deal with mishaps I set my shell
> in passwd to sh and create a small .profile which mainly just has this line:
> bash && exit 0
> That way if bash is fine I run it and immediately exit when it does.  If
> bash is missing or can't run then the exit is skipped and I am in sh so that
> I can fix things.

This is a very convenient idea which only requires one
little configuration file change. However, entering "bash"
and pressing Enter at sh's # prompt after entering
single-user mode would work, too - in the worst case, you'll
get an error message. :-)

Another coding for your idea would be:

	exec bash || /bin/sh

So the initial sh process continues as bash, but if it
fails, "returns" to sh (starts one).

Sidenote: I also tend to start a dialog shell out of sh
in case I need more than one command or slightly longer
path or filename to enter...

Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
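
Added example, not part of the original message: a ~/.profile fragment for an account whose passwd shell is sh, which checks that the preferred shell can actually start before handing the session over to it, so a bash with missing shared libraries leaves you in sh. The function names first_working_shell and start_preferred_shell are hypothetical; /usr/local/bin/bash is the location mentioned in the thread.

```shell
# Added example (not from the thread). Function names are hypothetical.

# Print the first candidate that exists, is executable and can really
# start. Running a no-op catches a binary that is present but broken,
# e.g. a dynamically linked bash whose libraries vanished in an upgrade.
first_working_shell() {
    for candidate in "$@"; do
        [ -x "$candidate" ] || continue
        if "$candidate" -c 'exit 0' >/dev/null 2>&1; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Replace the running sh with the first working candidate.
# If none works, return so the login continues in plain sh.
start_preferred_shell() {
    case $- in
        *i*) ;;             # interactive session: go on
        *)   return 0 ;;    # anything else: leave sh alone
    esac
    if shell=$(first_working_shell "$@"); then
        SHELL=$shell
        export SHELL
        exec "$shell"
    fi
    echo "preferred shell unavailable, staying in sh" >&2
    return 1
}

# Last line of ~/.profile (commented out so this file can be sourced safely):
# start_preferred_shell /usr/local/bin/bash
```

Because the probe runs before exec, the fallback does not depend on how sh behaves when exec itself fails.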
