Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 14 Oct 2000 17:08:23 -0600 (CST)
From:      Ryan Thompson <ryan@sasknow.com>
To:        media@mail1.nai.net
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: changing root shell??
Message-ID:  <Pine.BSF.4.21.0010141614550.49920-100000@ren.sasknow.com>
In-Reply-To: <v03130302b60dfbae4a1e@[209.150.34.194]>
next in thread | previous in thread | raw e-mail | index | archive | help 
media@mail1.nai.net wrote to freebsd-questions@FreeBSD.ORG:

> 
> First off, thanks to everyone for their help.
> 
> >> I've been entering commands with sh syntax all along.  I haven't
> >> received any syntax errors.  Does this mean I could have trashed my
> >> system without knowing it??
> >>
> >The odds are very very slim, especially considering that you received
> >no syntax errors that you have damaged your system at all.
> 
> Whew!!  Thanx :)  It still amazes me that I haven't received any syntax
> errors, since afaik, sh and csh use very different syntax.  I've also
> noticed some scripts are written in sh and some are written in csh -- how
> does the system know what to do??

Look at the top of the script... You will see a line like

#!/bin/sh

The ``#!'' pattern tells execve(2) that the executable file is an
interpreter file (not a binary), and that what follows on the same line is
the name and location of the program with which to execute the script
(with optional arguments following the filename).  Thus,

	#!/bin/sh
	#!/bin/csh
	#!/usr/bin/perl -w

...are all scripts.

Just to show you that you don't need a bona-fide shell (like sh or csh),
or an interpreter (like perl), you can use ANY program that accepts input
from stdin.  Run this for fun:

	#!/usr/bin/grep -v ^#
	Simple script that removes
	# comments like this one.
	Everything happy!


> >Changing your root shell to sh is fine. Just try and avoid stuff on /usr
> >without a damn good reason, and knowledge of the consequences.  A basic way
> >to change your default editor is with sysinstall.
> 
> I've read that I should avoid sysinstall after I've already installed
> because it can cause problems.

Why?  Obviously, you want to stay away from anything that would re-newfs
your drives, change partitions, or delete stuff... but /stand/sysinstall
contains many useful post-install features that can provide very useful
when configuring a system.


> >Ya know... all of this talk about changing root shells (again) has led me
> >to believe that the litrature that comes with fbsd, linux, etc just doesn't
> >make one thing clear enough to new unix users.... Root is only to be used
> >for select sys admin duties... not for browsing the web, or playing quake,
> >or editing graphics or whatever else... sheesh.
> 
> Actually, _The Complete FreeBSD_ and _The FreeBSD handbook_ do make that
> clear.  Even sysinstall suggests creating another account besides root for
> regular use.  Regardless, I am doing sys admin duties (eg. trying to get my
> printer to work).  What I think FreeBSD should make clear, is which shell
> is being used by root when you first install it.  

	echo $SHELL		# sh
	echo $shell		# csh

Or if that doesn't work, the following should work on just about any
system/shell:

	ps | grep $$

Or, if local passwd information is available,

	chsh root

Or, using perl to suck the entry out:

	#!/usr/bin/perl
	print getpwuid($<))[8];

Or, any of dozens of other methods ;-)

Then again, anyone executing these commands without copying them down from
somewhere first probably doesn't know/doesn't care very much about shells
and the differences between them.  For most newbies that I have
encountered, the differences in syntax between the shells are subtle at
best.

It may be futher argued that anyone that DOES know and care about the
syntax of either shell enough should also know how to find out which shell
they are using ;-)


> The welcome message
> should say "Listen you clueless newbie, root starts with the csh shell even
> though every other Unix system in your life has started with sh unless you
> changed it" or something similar :)

Perhaps changing the default startup script to reflect the user's current
shell would be more appropriate.  sh is great for writing scripts, but is
generally NOT very suitable for a typical login session nowadays--many
more modern shells are available that provide much more functionality for
the user.


> >Give toor your chosen shell (chsh toor), assign her a password, and do
> >your root duties from that account, leaving the real root account with the
> >default shell.  Best of both worlds, really, for about 99.5% of all
> >sysadmin duties on a production machine.  If a 'toor' account was not
> >created on your system, just add another user after root with uid = 0, gid
> >= 0 and remake the password db.
> 
> I thought toor was a backdoor for remote access in case one could not get
> into root.  I've heard having toor activated is a possible security risk.

Plugging your computer in is also a possible security risk ;-)

toor is supposed to have uid=0 gid=0, meaning, no logins are allowed from
insecure terminals (see /etc/ttys).  If you want to add a small extra
layer of security, rename toor to something else.  Be sure to change the
password just as frequently as you do root's.  I am not aware of any
additional security risks associated with toor that are not already
present in a multi-user system.


> I don't think I'll need toor since I can always boot from cd from the
> console.  However, that is a good idea if I wanted to have tcsh or bash for
> doing root.
> 
> How do I remake the password db??

/usr/sbin/pwd_mkdb /etc/master.passwd



> >> My tcsh is in /usr/local/bin/tcsh, which wouldn't work in
> >>single user mode.
> >
> >That's bad.  All files that are integral to the system (ie, required
> >for the system to boot in single user mode for rescue, recovery,
> >etc) should be in the root filesystem.
> 
> sh and csh are in /bin and part of the FreeBSD install. I added tcsh and
> bash on my own, so they are in /usr/local/bin

tcsh was added to the base system in FreeBSD 4.0, and made the default
root shell



{{

TRIMMED the beginnings of a converstion that usually only develops into an
editor holy war ;-)

}}



- Ryan


-- 
  Ryan Thompson <ryan@sasknow.com>
  Network Administrator, Accounts
  Phone: +1 (306) 664-1161

  SaskNow Technologies     http://www.sasknow.com
  #106-380 3120 8th St E   Saskatoon, SK  S7H 0W2



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0010141614550.49920-100000>