Date: Sun, 16 May 1999 12:35:08 -0700 From: Graeme Tait <graeme@echidna.com> To: Studded <Studded@gorean.org>, stuyman@confusion.net, freebsd-questions@freebsd.org Cc: info@boatbooks.com Subject: Re: [Fwd: Re: How to change the shell?] Message-ID: <373F1DEC.77D7@echidna.com> References: <373DAD1C.6FA8766F@gorean.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Studded wrote:
>
> Laurence Berland wrote:
> >
> > But it probably wouldnt be a bad thing if I were to copy TCSH into /bin
> > and then not worry about Single user mode problems?
>
> Here's a good example of why you should always leave root's shell as one
> of the system shells. I recently upgraded my system from 2.2.8 to 3.2-beta.
> Everything went well, make upgrade completed with no errors, and the system
> came right up when I rebooted. The problem occured when I tried to log in
> as my unpriviliged user who uses Bash. The libraries that it compiled
> against were no longer where Bash thought they should be, and Bash refused
> to start. I had to login as root, recompile Bash, then I was good to go. If
> I had been doing that upgrade remotely, I would have been SOL because I
> don't allow root logins.
>
> Now, it is possible that you could think of ALL of the possible ways that
> you could be affected by changing the root shell, etc., etc., blah blah.
> However, several really smart people have told you now that it's a bad
> idea. Every unix system administration book you will ever read will also
> tell you it's a bad idea. At some point, you will realize, it's a bad idea.
> Whether you realize it now, or realize it after you've shot yourself in the
> foot a few times is up to you.
As a relative newbie, I've been following this thread with interest, because I
use two systems configured with bash as the default root shell, and haven't
experienced any problems - plus is it a nice convenience.
I also still haven't heard a convincing reason not to have bash as root
default, given appropriate precautions.
My sysadmin book ("Essential System Administration") doesn't tell me not to
have bash as the root default - it just cautions me to make sure single user
mode still works. It actually implies changing the default root shell is
normal enough.
It's not an issue for single user mode - FreeBSD asks you what shell you want,
and you can always take the default sh. In fact, you couldn't select bash at
this point if it's in a separate /usr filesystem. I rather like being in sh in
this case, as I reminds me I'm in single user mode, but if I get tired of not
having the bash features, I can always mount /usr and switch to bash (or I
assume I could have a [statically-linked?] version in the root filesystem).
The problem of losing bash is not something I'd considered, but with local
logins, you can always start in single user mode with sh even if bash is the
root default. For remote logins, you could have user toor default to sh, and
define a password for toor. So you can always su to toor. Plus you could
define an unprivileged user (but in group wheel), with sh as default shell, so
remote logins would still be possible in this case. I assume you'd need to do
the latter anyway if you are running remotely and fear losing bash. But I must
say that I would not attempt to make an upgrade from 2.8 to 3.2-beta on a
remote machine, without trying it locally first, and/or without having remote
console access to the machine!
--
Graeme Tait - Echidna
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?373F1DEC.77D7>