SUMMARY: bash ok as root's shell?

From: johnjohn@triceratops.com
Date: Sat Jan 16 1999 - 13:51:12 CST


Original question:
------------------------------------------------------------------------
Along the circuitous path of learning the system administrator's
job, I somehow picked up the idea that bash was ok to use as a
user shell, but not a good idea as root's shell.

Any actual truth to this?
------------------------------------------------------------------------

Thanks to all for the immediate response.
Sorry for not mentioning that I'm using Solaris 7.

The short answer is that bash is not the shell to have listed in
/etc/passwd for root.

1) root should have a valid shell even when nothing but the root
   partition is mounted.

   bash is generally dynamically linked to libraries in /usr

   /usr is generally not on the root partition.

2) dynamic libraries can become corrupted

3) dynamic libraries can be a source for root exploits

4) /sbin/sh is statically linked, and thus is a valid candidate for
   root's shell.

Some pointed out that "working in" bash as root is ok, and fairly
easy. For example:

if [ -f /usr/local/bin/bash ]; then
 /usr/local/bin/bash
fi

OR

if [ -x /path/to/bash -a -d /usr/lib ] ; then
        exec /path/to/bash
fi

Wally Winzer Jr. pointed out:
----------------------------------------------------------------------
As long as it is built statically, it is perfectly fine.
You have to link bash to /etc/lib/libdl.so.1 so that bash does not
have to depend on /usr/lib/libxxx.
----------------------------------------------------------------------

Greg Sawicki's advice was:
----------------------------------------------------------------------
1. get over it and leave root defaults.
2. as a sysadmin use korn shell, never C shell
3. if you su then exec ksh and source your good profile and you are set
4. if you do not comply with any of the above then always wear asbestos
underwear so you will not burn your ass ;)
----------------------------------------------------------------------

Thanks to:
Eric D. Pancer
Paul R. Hybert
Nickolai Zeldovich
Tim Evans
David Evans
nicholas harteau
Rich Lafferty
Bevan Broun
Auteria Wally Winzer Jr.
Dan L. Ostrom
Thomas Lester
Todd Fiedler
Matthew Stier
Roy Culley
Greg Sawicki
Michael Cook
Stephen Harris
Matt Simmons
Danny Johnson

-- 
John White
johnjohn@triceratops.com
PGP Public Key: http://www.triceratops.com/john/public-key.pgp
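
Added example, not part of the original post: a POSIX sh check for points 1 and 4 above. It reads root's shell from passwd-format text and flags any library that ldd resolves under /usr. The function names and the sample passwd and ldd text are constructed for illustration; the "(file not found)" form for a missing library is an assumption about ldd's output.

```sh
#!/bin/sh
# Added example: does root's login shell need anything under /usr?

# Print the login shell (7th field) of the "root" entry; passwd text on stdin.
root_shell() {
    awk -F: '$1 == "root" { print $7; exit }'
}

# Read ldd-style output on stdin. Print every dependency that resolves under
# /usr/ or does not resolve at all. A static binary yields no "=>" lines.
usr_deps() {
    awk '
        /=>/ {
            for (i = 1; i < NF; i++) if ($i == "=>") break
            path = $(i + 1)
            if (path ~ /^\/usr\//) print "under-usr " path
            # Assumed formats: "=> not found" and "=> (file not found)"
            else if (path == "not" || path == "(file") print "unresolved " $1
        }'
}

# Verdict for shell path $1 with its ldd output on stdin. Returns 0 only when
# neither the shell nor any of its libraries lives under /usr.
audit_shell() {
    _sh=$1
    _deps=$(usr_deps)
    case $_sh in
        /usr/*) echo "FAIL: $_sh is itself under /usr"; return 1 ;;
    esac
    if [ -n "$_deps" ]; then
        echo "FAIL: $_sh depends on:"; echo "$_deps"; return 1
    fi
    echo "OK: $_sh has no dependency under /usr"
}

# Constructed samples (not captured from a real host).
SAMPLE_PASSWD='root:x:0:1:Super-User:/:/usr/local/bin/bash
daemon:x:1:1::/:'
SAMPLE_LDD_BASH='    libcurses.so.1 =>   /usr/lib/libcurses.so.1
    libc.so.1 =>   /usr/lib/libc.so.1
    libdl.so.1 =>   /etc/lib/libdl.so.1'

sh_path=$(printf '%s\n' "$SAMPLE_PASSWD" | root_shell)
printf '%s\n' "$SAMPLE_LDD_BASH" | audit_shell "$sh_path" || true
# On a live system: ldd "$sh_path" 2>/dev/null | audit_shell "$sh_path"
```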


