Date:      Thu, 10 Nov 2005 15:44:44 +0100 (CET)
From:      Oliver Fromme <olli@lurza.secnetix.de>
To:        freebsd-stable@FreeBSD.ORG
Subject:   Re: upgrading 5.4 -> 6.0 without reinstalling. safe ?
Message-ID:  <200511101444.jAAEii8H010916@lurza.secnetix.de>
In-Reply-To: <20051110142455.GA33797@pc5-179.lri.fr>

Marwan Burelle <Marwan.Burelle@lri.fr> wrote:
 > On Thu, Nov 10, 2005 at 02:13:26PM +0100, Oliver Fromme wrote:
 > > Under some circumstances it can also be useful to have
 > > an "emergency user" which is not dependent on anything
 > > outside the base system (i.e. doesn't use anything from
 > > /usr/local, doesn't have its home on an NFS volume,
 > > doesn't have its account information on NIS etc.).  It
 > > should be a member of the wheel group so it can do "su".
 > 
 > In the same idea, I never change root's shell

I never change root's login shell either -- because it is
never used.

 > I think also that root should have /rescue/*sh as shell (static
 > versions) just to be sure ...

Well, I vote for /sbin/nologin as root's login shell.

In single-user mode, the system asks for the shell, with
/bin/sh being the default.  In multi-user mode, nobody
should ever log in as root.  Rather, you log in as a normal
user and then use "su -m", or use sudo(8) or super(1) or
whatever.

Therefore I think root's login shell has zero meaning, and
it should be /sbin/nologin for security reasons (in case
you accidentally enabled root login via ssh, or you have
set the virtual terminals to "secure" in /etc/ttys).

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"UNIX was not designed to stop you from doing stupid things,
because that would also stop you from doing clever things."
        -- Doug Gwyn
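
A check of the points made in this message, as an added example that is not part of the original e-mail: it reads passwd(5)- and group(5)-format files and reports root's login shell and which wheel members would work as an "emergency user". The function names, output labels and sample accounts are constructed for illustration; homes on NFS volumes are not checked.

```shell
#!/bin/sh
# Added example (not from the original message).
# audit_accounts PASSWD_FILE GROUP_FILE -- one finding per output line.
audit_accounts() {
    awk -F: '
        # First file: passwd(5) format  name:pw:uid:gid:gecos:home:shell
        FNR == NR {
            if ($0 ~ /^#/ || NF < 7) next
            shell[$1] = $7
            if ($1 == "root") {
                if ($7 == "/sbin/nologin") print "root-shell-ok"
                else print "root-shell-login:" $7
            }
            next
        }
        # Second file: group(5) format  name:pw:gid:member,member,...
        $1 == "wheel" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) {
                u = m[i]
                if (u == "" || u == "root") continue
                if (!(u in shell)) print "wheel-not-local:" u   # e.g. NIS-only
                else if (shell[u] ~ /^\/usr\/local\//) print "wheel-shell-outside-base:" u ":" shell[u]
                else if (shell[u] ~ /nologin$/) print "wheel-no-login:" u
                else print "emergency-candidate:" u
            }
        }
    ' "$1" "$2"
}

# Constructed sample data (hypothetical accounts), written to a temp directory.
run_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:*:0:0:constructed:/root:/bin/csh
alice:*:1001:1001:constructed:/home/alice:/usr/local/bin/zsh
rescue:*:1002:1002:constructed:/home/rescue:/bin/sh
EOF
    cat > "$d/group" <<'EOF'
wheel:*:0:root,alice,rescue,nisuser
EOF
    audit_accounts "$d/passwd" "$d/group"
    rm -rf "$d"
}

run_sample
```

On a live system the same function can be pointed at /etc/passwd and /etc/group.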


