I'm curious to know why you would change root's shell to bash. You can change shells at the cli easily. What's one more command before you start working?
On point that no one has mentioned on this list yet is that it is a good idea to have root's shell be entirely contained on the root partition of the system -- ie. not just the executable, but any shlibs it requires as well. There's been a thread over on [EMAIL PROTECTED] about ppp(8) apparently failing because of problems linking libintl -- which actually turned out to be because root's shell had been changed to bash(1).
On the other hand, I take the view that the less done by the super user the better, and discourage myself to use sudo(1) preferentially and to keep su(1) sessions as short as possible by making root's shell as /unfriendly/ as possible.
Is this a religious argument? Or is there a sound security basis for it?
I ask because I'm not sure I see the difference. I prefer to leave sudo set up to prompt for a password. This at least reminds you that what you're doing is "root's" work (and if you screw up, you could do "bad" things.) If I'm going to do a lot of work, I just su - to root, do the work and then get out. I don't allow remote root access, so I'm wondering - am I exposing my systems to some unnecessary risk? Or is this just a matter of personal preference?
Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
