Date: Wed, 15 Jun 2005 16:55:52 -0400 From: John Baldwin <jhb@FreeBSD.org> To: freebsd-arch@freebsd.org Subject: Re: Death to toor Message-ID: <200506151655.52894.jhb@FreeBSD.org> In-Reply-To: <20050612025402.GD67746@dragon.NUXI.org> References: <53d4293a37f280317d52338c2fc6fc6d@FreeBSD.org> <20050612025402.GD67746@dragon.NUXI.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Saturday 11 June 2005 10:54 pm, David O'Brien wrote: > On Thu, Jun 09, 2005 at 04:40:19PM -0700, John Baldwin wrote: > > Is there any good reason to keep the toor account around nowadays? > > Yes. Some of us use it. Well, that's why I asked. > > vipw has existed since 4.0BSD and chsh and friends have existed since > > 4.3BSD-Reno so I think that it's safe to say that folks are more than > > capable nowadays of changing root's default shell if desired. > > I wouldn't say we are totally safe changing root's default shell away > from /bin/csh. We still see people give the advice that one should not > change root's default shell. I never mentioned that FreeBSD would change root's default shell. All I said is that people have had tools available to them to easily change root's shell on their boxes since at least the early 1990s if they don't want to use /bin/csh on a particular box. Stop putting words in my mouth please. > > Also, > > '/bin/csh' and '/bin/sh' aren't very hard to type once you are logged > > in as root whatever the default shell may be. > > We could default to only /bin/sh as the login shell globally. > 'csh', 'zsh', 'bash' aren't very hard to type once you are logged in. *sigh* EOFFINWEEDS. To twist this another way, when we create user accounts with adduser, we don't add 4 different variations of every user account so that everyone can pick a different user name to get sh, csh, zsh, or bash for their shell. The fact that we do this for root and no one else is inconsistent. The fact that it uses UID 0 also means that it's always showing up in people's security run checks as a non-root user with a UID of 0. Maybe that security check should be dumped instead. Also, note that according to the FAQ, toor exists for bash support, not /bin/sh and apparently used to be installed by the bash port as part of its install. CVS says it has been around since 386BSD though, so I'm guessing that it wasn't ever a feature of the bash port per se, but maybe bash's own install scripts. -- John Baldwin <jhb@FreeBSD.org> <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve" = http://www.FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200506151655.52894.jhb>