Re: bash for root?

2008-11-30 Thread Stijn

Dieter wrote:
>> 2. don't use bash as shell for root.
>>
>> Or at least understand what you are doing.
>
> What is wrong with bash as shell for root?
> (Assuming bash is in /bin and statically linked.)

There's nothing wrong with that if you make it statically linked and put 
it in /bin. You know what, and why, you are doing it ;)


My only advice to the OP was to be careful which shell to choose for the 
root account, especially bash which is dynamically linked and installed 
by default in /usr/local/bin/.



I hope I didn't offend too many others with my suggestion...

All the best,
Stijn



Re: bash for root?

2008-11-30 Thread Nick Holland
farhan ahmed wrote:
> Question is how can you make shell statically linked? I thought when you
> install package it should be linked rather than manual compiling and
> installing

I think that is best left as an exercise for the asker.

Here's what it boils down to:
There is nothing wrong with a properly implemented 'bash' or any
other shell for root.  Hint: when the system comes up single user
mode, it will ASK you what shell to use.  The statically compiled
part isn't even critical in OpenBSD, unless you are intent on
running bash in single-user mode before all partitions are mounted.

The problem is when you break things, you break 'em BIG.  Original
thread is a case in point.  You win awards for courage, not wisdom,
for still being intent on using bash as the root shell while you are
still walking with a limp from your last experience.

There's a lot of stuff that can go wrong when changing a user's
default shell over the lifecycles of the system (think upgrades!),
virtually all operator error, all avoidable, but errors that can
happen tend to happen.  When you break JoeAverage's account, no big
deal, as long as you can get back as root and fix it.  When you
break root, you have a problem.  Yes, the goal is to do everything
right, but another goal is to make it more difficult to do things
wrong.

If you don't know how to do it right, test it right, and recover it
right, don't change the root shell.  I realize how it is such finger
breaking work to type the five keystrokes "b a s h [enter]" at a
command prompt after logging in...so horrible, I know, but until you
know what you are doing, just manually invoke bash.

You will know you know what you are doing when you realize you don't
need or want to use bash on OpenBSD.  The only good reason I've
found to use bash on OpenBSD is to make it feel like some other OS,
and that's really not a good thing when you are administering the
system (i.e., logging in as root!).

ksh rocks on OpenBSD. :)

Nick.



Re: bash for root?

2008-12-01 Thread Juan Miscaro
2008/11/30 Nick Holland <[EMAIL PROTECTED]>:
> farhan ahmed wrote:
>> Question is how can you make shell statically linked? I thought when you
>> install package it should be linked rather than manual compiling and
>> installing
>
> I think that is best left as an exercise for the asker.
>
> Here's what it boils down to:
> There is nothing wrong with a properly implemented 'bash' or any
> other shell for root.  Hint: when the system comes up single user
> mode, it will ASK you what shell to use.  The statically compiled
> part isn't even critical in OpenBSD, unless you are intent on
> running bash in single-user mode before all partitions are mounted.
>
> The problem is when you break things, you break 'em BIG.  Original
> thread is a case in point.  You win awards for courage, not wisdom,
> for still being intent on using bash as the root shell while you are
> still walking with a limp from your last experience.
>
> There's a lot of stuff that can go wrong when changing a user's
> default shell over the lifecycles of the system (think upgrades!),
> virtually all operator error, all avoidable, but errors that can
> happen tend to happen.  When you break JoeAverage's account, no big
> deal, as long as you can get back as root and fix it.  When you
> break root, you have a problem.  Yes, the goal is to do everything
> right, but another goal is to make it more difficult to do things
> wrong.
>
> If you don't know how to do it right, test it right, and recover it
> right, don't change the root shell.  I realize how it is such finger
> breaking work to type the five keystrokes "b a s h [enter]" at a
> command prompt after logging in...so horrible, I know, but until you
> know what you are doing, just manually invoke bash.
>
> You will know you know what you are doing when you realize you don't
> need or want to use bash on OpenBSD.  The only good reason I've
> found to use bash on OpenBSD is to make it feel like some other OS,
> and that's really not a good thing when you are administering the
> system (i.e., logging in as root!).
>
> ksh rocks on OpenBSD. :)
>
> Nick.
>
>

Why not set up a user (ex: bigguy) and then force his uid and gid to
be 0 and 0 with vipw?  Give that user a nice coloured bash prompt and
set up directories in his home.  This way you get a customized
superuser while keeping the real root environment pristine.

/juan



Re: bash for root?

2008-12-01 Thread Jurjen Oskam
On Sun, Nov 30, 2008 at 11:11:53AM -0500, Nick Holland wrote:

> need or want to use bash on OpenBSD.  The only good reason I've
> found to use bash on OpenBSD is to make it feel like some other OS,

Another reason I've found is the option "set -o pipefail", which is
handy when you want the ERR trap to fire when any single command
of a set of piped commands exits non-zero.

(If there's a better way of doing things, I'd love to hear about it...)

-- 
Jurjen Oskam

Savage's Law of Expediency:
You want it bad, you'll get it bad.



Re: bash for root?

2008-12-01 Thread Nick Holland

Juan Miscaro wrote:
...
> Why not set up a user (ex: bigguy) and then force his uid and gid to
> be 0 and 0 with vipw?  Give that user a nice coloured bash prompt and
> set up directories in his home.  This way you get a customized
> superuser while keeping the real root environment pristine.


Other than generating duplicate user number error reports from the 
nightly security check, the generally bad idea of duplicate user 
numbers, creating confusion and ambiguity that doesn't need to be there, 
the likelihood that you will have forgot the 'root' password when you 
need it and being a really silly way to solve a completely non-problem? 
 No reason at all.


Why not switch the keycaps around on your keyboard?
Why not wear mis-matched shoes?
(those are bad examples, I can come up with justifications for doing 
them...)


Some people are really convinced their feet need holes.  The 
(non)problem doesn't justify your solution -- and the real problems it 
would create.



Nick.



Re: bash for root?

2008-12-01 Thread farhan ahmed
Hi Guys,

Thanks a lot for all replies and discussion, I have recovered root shell today
after scheduling down time. Thanks a lot, excellent forum

Thanks,

Farhan






> Date: Mon, 1 Dec 2008 07:55:48 -0500
> From: [EMAIL PROTECTED]
> To: misc@openbsd.org
> Subject: Re: bash for root?
>
> Juan Miscaro wrote:
> ...
> > Why not set up a user (ex: bigguy) and then force his uid and gid to
> > be 0 and 0 with vipw?  Give that user a nice coloured bash prompt and
> > set up directories in his home.  This way you get a customized
> > superuser while keeping the real root environment pristine.
>
> Other than generating duplicate user number error reports from the
> nightly security check, the generally bad idea of duplicate user
> numbers, creating confusion and ambiguity that doesn't need to be there,
> the likelihood that you will have forgot the 'root' password when you
> need it and being a really silly way to solve a completely non-problem?
>   No reason at all.
>
> Why not switch the keycaps around on your keyboard?
> Why not wear mis-matched shoes?
> (those are bad examples, I can come up with justifications for doing
> them...)
>
> Some people are really convinced their feet need holes.  The
> (non)problem doesn't justify your solution -- and the real problems it
> would create.
>
>
> Nick.
>




Re: bash for root?

2008-12-02 Thread Sean Kamath

On Dec 1, 2008, at 4:55 AM, Nick Holland wrote:
> Other than generating duplicate user number error reports from the
> nightly security check, the generally bad idea of duplicate user
> numbers, creating confusion and ambiguity that doesn't need to be
> there, the likelihood that you will have forgot the 'root' password
> when you need it and being a really silly way to solve a completely
> non-problem?  No reason at all.


Just sudo when you need to be root -- avoids ever logging in as root  
unless something's *REALLY* wrong.  You can keep your shell (or better  
yet, just run the command you need to run as root).


Sean



Re: bash for root?

2008-12-02 Thread Juan Miscaro
2008/12/1 Nick Holland <[EMAIL PROTECTED]>:
> Juan Miscaro wrote:
> ...
>>
>> Why not set up a user (ex: bigguy) and then force his uid and gid to
>> be 0 and 0 with vipw?  Give that user a nice coloured bash prompt and
>> set up directories in his home.  This way you get a customized
>> superuser while keeping the real root environment pristine.
>
> Other than generating duplicate user number error reports from the nightly
> security check, the generally bad idea of duplicate user numbers, creating
> confusion and ambiguity that doesn't need to be there, the likelihood that
> you will have forgot the 'root' password when you need it and being a really
> silly way to solve a completely non-problem?  No reason at all.

I turn off those annoying checks and I use the same password.  Works great.

/juan



Re: bash for root?

2008-12-02 Thread Tony Abernethy
Juan Miscaro wrote:
> 
> I turn off those annoying checks and I use the same password. 
>  Works great.
> 
> /juan
> 
... until it doesn't.



Re: bash for root?

2008-12-02 Thread Juan Miscaro
2008/12/2 Tony Abernethy <[EMAIL PROTECTED]>:
> Juan Miscaro wrote:
>>
>> I turn off those annoying checks and I use the same password.
>>  Works great.
>>
>> /juan
>>
> ... until it doesn't.

Got anything to back that up?

/juan



Re: bash for root?

2008-12-02 Thread Daniel Ouellet

Juan Miscaro wrote:
> 2008/12/2 Tony Abernethy <[EMAIL PROTECTED]>:
>> Juan Miscaro wrote:
>>> I turn off those annoying checks and I use the same password.
>>>  Works great.
>>>
>>> /juan
>>
>> ... until it doesn't.
>
> Got anything to back that up?


If you really want stories about cases where users got cut into this 
before, just look in the archive and you will find many.


I remember one specially where a user had to drive about 200 miles based 
on what he said to fix it after an upgrade that got his system wrong and 
locked himself out where he could have access to the server with a user 
that had sh as the shell, but not in wheel group and the only users he 
could use for wheel were set up for bash and that was screwed up. So, he 
had access to the server, but couldn't get access to root in any way as 
it was bash for root and he just had to drive there to fix it. He forgot 
that bash wasn't compiled statically and needed a library that he couldn't 
access then.


Something like that anyway. It's been about 1 1/2 years I think, so my 
memory may be somewhat fuzzy, but if I recall properly, that was about 
it, or close to it anyway. He got a lot of help trying to help him, but 
in the end, no other option than a long drive.


So you do as you see fit, that's your system after all. No one will be 
stuck other than you if that happened, but plenty give you the warning 
about it. In the end, you do as you see fit.


I know very wise people give you advice and warning on it, I would very 
strongly recommend to listen to them, but in the end, do as you see fit. 
It's your time in the end and your head.


Best,

Daniel



Re: bash for root?

2008-12-02 Thread Christopher Linn
On Sat, Nov 29, 2008 at 08:46:00AM +, Dieter wrote:
> 
> What is wrong with bash as shell for root?
> (Assuming bash is in /bin and statically linked.)
> 

all talk of why or why not misses one highly held best practice 
for system management, no matter what the OS.

never change the default root shell. 

learn to use the "exec" builtin:

$ sudo su -
Password:
Terminal type? [xterm]
# exec bash
# 

now for this login session your interactive shell is bash, and you 
have all your favorite bells, whistles and blinken lights.

the time spent in typing "# exec my-favorite-shell" is about 2.0
seconds.  multiply that by the number of times you need an interactive
root shell, compare to the time spent without access to your system 
or recovering it from such problems.  because, if you continue to 
do stuff like that, eventually you will have such problems.

let me repeat that.

if you continue to do stuff like that, then eventually you will 
have such problems.

so, just learn to use exec.  simple and quick, keeps things clean.
(and working.)  you will even give other people the impression that 
you know what you are doing..

cel

p.s. 13+ years experience system management with NeXT, SunOS{4.x,5.x}, 
 MacOS, OpenBSD (2.2 to present), Linux, OSF1/Tru64.

-- 
Christopher Linn   | By no means shall either the CEC
System Administrator II   | or MTU be held in any way liable
  Center for Experimental Computation | for any opinions or conjecture I
Michigan Technological University | hold to or imply to hold herein.



Re: bash for root?

2008-12-02 Thread Juan Miscaro
2008/12/2 Daniel Ouellet <[EMAIL PROTECTED]>:
> Juan Miscaro wrote:
>>
>> 2008/12/2 Tony Abernethy <[EMAIL PROTECTED]>:
>>>
>>> Juan Miscaro wrote:

>>>> I turn off those annoying checks and I use the same password.
>>>>  Works great.
>>>>
>>>> /juan

>>> ... until it doesn't.
>>
>> Got anything to back that up?


> I remember one specially where a user had to drive about 200 miles...
>...He forget that bash wasn't compile statically and needed library...

Stop.

Install bash statically linked.  That's all.

/juan



Re: bash for root?

2008-12-02 Thread Ted Unangst
On Tue, Dec 2, 2008 at 2:33 PM, Juan Miscaro <[EMAIL PROTECTED]> wrote:
> Install bash statically linked.  That's all.

Never make a mistake.  That's all.



Re: bash for root?

2008-12-02 Thread Jim Willis
Really? I mean really are we going to put this to bed yet? Cause I am bored
to tears seeing new replies to something so trivial! Next real diagnostic
issue please.

-Jim



Re: bash for root?

2008-12-02 Thread Daniel Ouellet

Juan Miscaro wrote:
> 2008/12/2 Daniel Ouellet <[EMAIL PROTECTED]>:
>> Juan Miscaro wrote:
>>> 2008/12/2 Tony Abernethy <[EMAIL PROTECTED]>:
>>>> Juan Miscaro wrote:
>>>>> I turn off those annoying checks and I use the same password.
>>>>>  Works great.
>>>>>
>>>>> /juan
>>>>
>>>> ... until it doesn't.
>>>
>>> Got anything to back that up?
>>
>> I remember one specially where a user had to drive about 200 miles...
>> ...He forget that bash wasn't compile statically and needed library...
>
> Stop.
>
> Install bash statically linked.  That's all.
>
> /juan


And the default is not, so do it every time and one day you will forget 
it, or someone else will upgrade that box for you and will not think 
about it, nor will you check it out.


Like I said, do as you wish, your box, your head.

Forget best practice until you get stuck, or forget one day to recompile 
it statically.


misc@ is full of examples like that.

Do as you wish, you have been warned about it.

I am done.



Re: bash for root?

2008-12-02 Thread System Administrator
On 2 Dec 2008 at 14:33, Juan Miscaro wrote:

> 2008/12/2 Daniel Ouellet <[EMAIL PROTECTED]>:
> > Juan Miscaro wrote:
> >>
> >> 2008/12/2 Tony Abernethy <[EMAIL PROTECTED]>:
> >>>
> >>> Juan Miscaro wrote:
> 
> >>>> I turn off those annoying checks and I use the same password.
> >>>>  Works great.
> >>>>
> >>>> /juan
> 
> >>> ... until it doesn't.
> >>
> >> Got anything to back that up?
> 
> 
> > I remember one specially where a user had to drive about 200 miles...
> >...He forget that bash wasn't compile statically and needed library...
> 
> Stop.
> 
> Install bash statically linked.  That's all.

You are missing a very important point that Chris Linn has alluded to: 
no two shells are exactly alike and sooner or later a script written 
for one will blow-up in another. And since OpenBSD comes with and 
reasonably assumes that /bin/sh is the Korn Shell, all system (i.e. 
root) scripts are written accordingly. The converse is also a likely 
problem -- you install bash as root shell and start installing bash-
specific scripts critical for system operation. Then during an upgrade 
bash is no longer available or is no longer statically compiled 
(remember bash in packages is dynamic and you have to upgrade the base 
OS before you can custom build your bastardized port...)

The long and the short of it has been repeated here many times:

"leave the root shell alone"


> 
> /juan



Re: bash for root?

2008-12-02 Thread Juan Miscaro
2008/12/2 System Administrator <[EMAIL PROTECTED]>:
> On 2 Dec 2008 at 14:33, Juan Miscaro wrote:
>
>> 2008/12/2 Daniel Ouellet <[EMAIL PROTECTED]>:
>> > Juan Miscaro wrote:
>> >>
>> >> 2008/12/2 Tony Abernethy <[EMAIL PROTECTED]>:
>> >>>
>> >>> Juan Miscaro wrote:
>> 
>> >>>> I turn off those annoying checks and I use the same password.
>> >>>>  Works great.
>> >>>>
>> >>>> /juan
>> 
>> >>> ... until it doesn't.
>> >>
>> >> Got anything to back that up?
>>
>>
>> > I remember one specially where a user had to drive about 200 miles...
>> >...He forget that bash wasn't compile statically and needed library...
>>
>> Stop.
>>
>> Install bash statically linked.  That's all.
>
> You are missing a very important point that Chris Linn has alluded to:
> no two shells are exactly alike and sooner or later a script written
> for one will blow-up in another. And since OpenBSD comes with and
> reasonably assumes that /bin/sh is the Korn Shell, all system (i.e.
> root) scripts are written accordingly. The converse is also a likely
> problem -- you install bash as root shell and start installing bash-
> specific scripts critical for system operation. Then during an upgrade
> bash is no longer available or is no longer statically compiled
> (remember bash in packages is dynamic and you have to upgrade the base
> OS before you can custom build your bastardized port...)

Who would be stupid enough to write system scripts in bash?  Just
because a user (again, I'm not even talking about root but a user with
same uid/gid) has a bash shell does not force him to write bash
scripts.

> The long and the short of it has been repeated here many times:
>
> "leave the root shell alone"

And as I've also said many times: "I am".

/juan



Re: bash for root?

2008-12-02 Thread Jesse Zbikowski
Nick Holland wrote:
>the generally bad idea of duplicate user numbers

I am not aware that this is considered a bad idea to have two
usernames for the same UID.  It is a pretty established practice to
add a so-called "toor" username for exactly the reason of getting a
nice superuser shell.  I have been doing this in a production
environment for years with no problem.

http://en.wikipedia.org/wiki/Toor



Re: bash for root?

2008-12-02 Thread Brian
--- On Tue, 12/2/08, Ted Unangst <[EMAIL PROTECTED]> wrote:


> > Install bash statically linked.  That's all.
> 
> Never make a mistake.  That's all.

Exactly.  I don't get this thread.  I mean, I could understand BASH as an 
option when openBSD was moving off of csh back in the day.  But ksh works 
pretty much just like BASH, so I just don't get this.  Is this just minor 
growing pains of someone coming over from linux?



Re: bash for root?

2008-12-03 Thread Dieter
> if you continue to do stuff like that, then eventually you will 
> have such problems.

> p.s. 13+ years experience system management with NeXT, SunOS{4.x,5.x}, 
>  MacOS, OpenBSD (2.2 to present), Linux, OSF1/Tru64.

Gee, I've been using bash as root's shell for more than 13 years
on NetBSD, and for a few years on FreeBSD.  Zero problems.
Before that I used ksh (the original ksh), and I recall discussions
back in the 1980s about using ksh for root.  I think some people
even installed it as /bin/sh.

If you write shell scripts that depend on being run by a specific
shell, you are supposed to use the #! thing.

Like many things in Unix, you are using power tools.  If you change
root's shell, you need to know what you are doing.  Remember that
you might find yourself in single user mode with nothing but the
root partition mounted.  Hence my comment previously about having
a statically linked copy of bash in /bin if you want bash as your
root shell.

Sorry, no list of Unix variants.  After using Unix for over 30 years
the list is just too long.  And some of them I'd rather forget.



Re: bash for root?

2008-12-03 Thread Martin Schröder
2008/12/2 Christopher Linn <[EMAIL PROTECTED]>:
>$ sudo su -

Make that
$ sudo -s

Best
   Martin



Re: bash for root?

2008-12-03 Thread Artur Grabowski
Dieter <[EMAIL PROTECTED]> writes:

> more than 13 years
[...]
> If you write shell scripts that depend on being run by a specific
> shell, you are supposed to use the #! thing.

Yes, you are great. You've never made any mistake in more than 13 years.

Us mere mortals prefer to avoid the risk of making mistakes. We bow
our heads to your perfection.

//art



Re: bash for root?

2008-12-03 Thread Diana Eichert

On Tue, 2 Dec 2008, Brian wrote:
> --- On Tue, 12/2/08, Ted Unangst <[EMAIL PROTECTED]> wrote:
>
>>> Install bash statically linked.  That's all.
>>
>> Never make a mistake.  That's all.
>
> Exactly.  I don't get this thread.  I mean, I could understand
> BASH as an option when openBSD was moving off of csh back in the
> day.  But ksh works pretty much just like BASH, so I just don't
> get this.  Is this just minor growing pains of someone coming
> over from linux?


This is one of those threads that doesn't want to end and I'm
helping it stay alive.

The default ksh works great for root.  I mean how much time do 
you spend logged in as root anyway?  Use root for emergencies,
not for something you spend your day in.

FWIW, if you want a kitchen sink shell try zsh.

diana



Re: bash for root?

2008-12-03 Thread Juan Miscaro
2008/12/3 Diana Eichert <[EMAIL PROTECTED]>:
> On Tue, 2 Dec 2008, Brian wrote:
>
>> --- On Tue, 12/2/08, Ted Unangst <[EMAIL PROTECTED]> wrote:
>>
>>>> Install bash statically linked.  That's all.
>>>
>>> Never make a mistake.  That's all.
>>
>> Exactly.  I don't get this thread.  I mean, I could understand
>> BASH as an option when openBSD was moving off of csh back in the
>> day.  But ksh works pretty much just like BASH, so I just don't
>> get this.  Is this just minor growing pains of someone coming
>> over from linux?
>
> This is one of those threads that doesn't want to end and I'm
> helping it stay alive.
>
> The default ksh works great for root.  I mean how much time do you spend
> logged in as root anyway?  Use root for emergencies,
> not for something you spend your day in.
>
> FWIW, if you want a kitchen sink shell try zsh.

Yup, that's what I'm gonna do.  Not for root though.

/juan



Re: bash for root?

2008-12-03 Thread Nick Holland

Jesse Zbikowski wrote:
> Nick Holland wrote:
>> the generally bad idea of duplicate user numbers
>
> I am not aware that this is considered a bad idea to have two
> usernames for the same UID.  It is a pretty established practice to
> add a so-called "toor" username for exactly the reason of getting a
> nice superuser shell.  I have been doing this in a production
> environment for years with no problem.
>
> http://en.wikipedia.org/wiki/Toor


Did you actually READ that article?  say, maybe, end part under 
"Security Considerations"?


There are lots of things that people did back before the world was all 
interconnected that aren't such hot ideas now.  The fact that a practice 
was commonly done..or even IS commonly done...doesn't mean it is a 
really good idea.


IF you do as you propose, you will get warning messages out of the daily 
security checks.
You can either ignore the warning (in which case, you will probably miss 
other warnings, too, as you have "learned" that the insecurity report 
has "bogus" stuff in it) or modify the security check to not warn you 
about that.  NOW, if I manage to get another account set to also have a 
'0' or other "interesting" user number (keep in mind, I may not want 
'root' on your box, maybe I just want to see the data of the payroll 
dept., or your personal e-mail, or similar), you won't notice that, 
either.


Non-trivial additional risk so you don't have to manually invoke a shell 
you don't even need to use.  I think this falls quite safely under "bad 
idea".  The ONLY benefit you are going to see here is allowing you to be 
LAZY, and five-keystroke lazy at that (two, if you do an appropriate 
'alias').  Wow.


You run OpenBSD, why?  Probably because the developers have a pretty 
good idea how to keep your applications running safely and reliably. 
The developers have decided to look for duplicate IDs as part of their 
daily security checks.  You have decided you know better.


The point of proper administration is to do what needs to be done to 
keep your systems running reliably and securely and to make it easy to 
fix things WHEN they go wrong.  While it isn't about working harder than 
need be, it also isn't about doing silly tricks to your system which can 
have negative (or not thought-through) impacts to your system Just 
Because You Can, or even because Someone Else Suggested It, just to save 
a very few keystrokes.



Nick.
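
The two checks this thread keeps returning to, as an added example that is not part of any poster's message and not OpenBSD's own security script: it reads passwd(5)-format lines and flags duplicate UIDs, plus UID 0 accounts whose login shell lies outside /bin or /sbin (for example a package-installed /usr/local/bin/bash). The sample entries, the function names and the finding labels are constructed for illustration; static linking itself is not tested.

```shell
#!/bin/sh
# Added example, not from the thread: audit passwd(5)-format data for
#   1. UIDs shared by more than one login name, and
#   2. UID 0 accounts whose shell is not under /bin or /sbin, i.e. a shell
#      that may be missing when only the root partition is mounted.

# Constructed sample data. "bigguy" and "toor" are the names used in the
# thread; every field value here is made up.
sample_passwd() {
    cat <<'EOF'
# constructed sample, not a real system
root:*:0:0:Superuser:/root:/bin/ksh
daemon:*:1:1:Daemon account:/root:/sbin/nologin
bigguy:*:0:0:custom superuser:/home/bigguy:/usr/local/bin/bash
toor:*:0:0:alternate root:/root:
joe:*:1000:1000:Joe Average:/home/joe:/usr/local/bin/bash
EOF
}

# audit_passwd [file]   reads the named file, or stdin when none is given.
# Prints one line per finding; prints nothing for a clean file.
audit_passwd() {
    awk -F: '
        /^#/ || NF < 7 { next }          # skip comments and short lines
        {
            name = $1; uid = $3; shell = $7
            # passwd(5): an empty shell field means /bin/sh
            if (shell == "") shell = "/bin/sh"

            # Finding 1: this UID was already claimed by an earlier entry
            if (uid in owner)
                printf "DUP_UID uid=%s users=%s,%s\n", uid, owner[uid], name
            else
                owner[uid] = name

            # Finding 2: superuser whose shell is off the root filesystem
            if (uid ~ /^0+$/ && shell !~ /^\/(bin|sbin)\//)
                printf "UID0_SHELL_OFF_ROOT user=%s shell=%s\n", name, shell
        }
    ' "$@"
}

# Stand-alone run against the constructed sample.
# On a real system: audit_passwd /etc/passwd
sample_passwd | audit_passwd
```

An ordinary user such as "joe" with a shell in /usr/local/bin produces no finding: only accounts that share a UID, or hold UID 0 with an off-root shell, are reported.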



Re: bash for root?

2008-12-03 Thread Nick Holland

Martin Schröder wrote:
> 2008/12/2 Christopher Linn <[EMAIL PROTECTED]>:
>>    $ sudo su -
>
> Make that
> $ sudo -s
>
> Best
>    Martin


amazing how annoying two words can be.
By saying "make that", you are saying someone else was wrong, and this 
is correct.


For many purposes, "sudo su -" and "sudo -s" are similar, but they are 
not identical, and sometimes it matters.  And I do believe Chris's 
process is more appropriate for what he was trying to show.


Nick.



Re: bash for root?

2008-12-03 Thread Paul de Weerd
On Wed, Dec 03, 2008 at 12:21:28PM -0500, Nick Holland wrote:
> Martin Schröder wrote:
>> 2008/12/2 Christopher Linn <[EMAIL PROTECTED]>:
>>>$ sudo su -
>>
>> Make that
>> $ sudo -s
>>
>> Best
>>Martin
>
> amazing how annoying two words can be.
> By saying "make that", you are saying someone else was wrong, and this  
> is correct.
>
> For many purposes, "sudo su -" and "sudo -s" are similar, but they are  
> not identical, and sometimes it matters.  And I do believe Chris's  
> process is more appropriate for what he was trying to show.

That would be 'sudo -i' ;)

Cheers,

Paul 'WEiRD' de Weerd

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 



Re: bash for root?

2008-12-03 Thread Jesse Zbikowski
On Wed, Dec 3, 2008 at 9:14 AM, Nick Holland
<[EMAIL PROTECTED]> wrote:
> Jesse Zbikowski wrote:
>> http://en.wikipedia.org/wiki/Toor
>
> Did you actually READ that article?  say, maybe, end part under "Security
> Considerations"?

Yup.  Did you read it as well, or did you just assume that because
there is a part called "Security Considerations" there is no way to do
it securely?

> IF you do as you propose, you will get warning messages out of the daily
> security checks.

True.  I do not know if you can selectively disable the warning for a
single "known good" toor account, or if you have to shut the warnings
off entirely.  I would hope the first case is true.  Otherwise this is
a bad design for the security check, and should be fixed.

> The developers have decided to look for duplicate IDs as part of their daily
> security checks.  You have decided you know better.

The OpenBSD developers do a good job producing a general purpose
system which can be adapted by their users to their own particular
needs.  I have a particular need which requires a separate /etc/passwd
entry for toor.  I am curious if there is any real reason not to do
this besides the fact that it triggers a meaningless warning.

To give you more background about my use case, if you really want to
know: I need not only a custom shell but a custom home directory.  I
ssh -X in to the remote host and run a program as root, and this
program displays a window on my local X server. Therefore the program
needs to create a $HOME/.Xauthority, but the root username has $HOME
as /root which is mounted readonly.  Obviously there are a million and
one ways to script around this problem, but adding a toor account was
straightforward.



Re: bash for root?

2008-12-04 Thread Mike Swanson

Dieter wrote:
> Like many things in Unix, you are using power tools.  If you change
> root's shell, you need to know what you are doing.  Remember that
> you might find yourself in single user mode with nothing but the
> root partition mounted.  Hence my comment previously about having
> a statically linked copy of bash in /bin if you want bash as your
> root shell.

OpenBSD prompts you for a shell name when booting into single-user mode.
There's no need for precautions when using a dynamically-linked shell, as
you can always just type "/bin/sh" when you need to boot into single-user
mode and find yourself without your precious libraries.

OpenBSD makes it harder to burn yourself.  :-)



Re: bash for root?

2008-12-04 Thread Daniel Ouellet

> OpenBSD prompts you for a shell name when booting into single-user mode.
> There's no need for precautions when using a dynamically-linked shell, as
> you can always just type "/bin/sh" when you need to boot into single-user
> mode and find yourself without your precious libraries.


Good luck doing it on remote servers without console access after a 
forgetful update.


Drive safely in your panic to get it back up.



Re: bash for root?

2008-12-04 Thread Gábri Máté
2008/11/30 Nick Holland <[EMAIL PROTECTED]>

> farhan ahmed wrote:
> > Question is how can you make shell statically linked? I thought when you
> > install package it should be linked rather than manual compiling and
> > installing
>
> I think that is best left as an exercise for the asker.
>
> Here's what it boils down to:
> There is nothing wrong with a properly implemented 'bash' or any
> other shell for root.  Hint: when the system comes up single user
> mode, it will ASK you what shell to use.  The statically compiled
> part isn't even critical in OpenBSD, unless you are intent on
> running bash in single-user mode before all partitions are mounted.
>
> The problem is when you break things, you break 'em BIG.  Original
> thread is a case in point.  You win awards for courage, not wisdom,
> for still being intent on using bash as the root shell while you are
> still walking with a limp from your last experience.
>
> There's a lot of stuff that can go wrong when changing a user's
> default shell over the lifecycles of the system (think upgrades!),
> virtually all operator error, all avoidable, but errors that can
> happen tend to happen.  When you break JoeAverage's account, no big
> deal, as long as you can get back as root and fix it.  When you
> break root, you have a problem.  Yes, the goal is to do everything
> right, but another goal is to make it more difficult to do things
> wrong.
>
> If you don't know how to do it right, test it right, and recover it
> right, don't change the root shell.  I realize how it is such finger
> breaking work to type the five keystrokes "b a s h [enter]" at a
> command prompt after logging in...so horrible, I know, but until you
> know what you are doing, just manually invoke bash.
>
> You will know you know what you are doing when you realize you don't
> need or want to use bash on OpenBSD.  The only good reason I've
> found to use bash on OpenBSD is to make it feel like some other OS,
> and that's really not a good thing when you are administering the
> system (i.e., logging in as root!).
>
> ksh rocks on OpenBSD. :)
>
> Nick.
>
At first I also used bash because I missed the comfortable options
shipped by default with the other, bash-based system. But after some time I
learned to handle ksh and I like it better than bash now.
Just add a few options to /etc/profile and it's like being at home again.

export HISTFILE=~/.sh_history
export HISTSIZE=10

export PS1='[EMAIL PROTECTED] \w \$ '

Any suggestions? :)



Re: bash for root?

2008-12-05 Thread Alfredo Perez
On Fri, Dec 05, 2008 at 08:32:47AM +0100, Gábri Máté wrote:
> 2008/11/30 Nick Holland <[EMAIL PROTECTED]>
> 
> > farhan ahmed wrote:
> > > Question is how can you make shell statically linked? I thought when you
> > > install package it should be linked rather than manual compiling and
> > > installing
> >
> > I think that is best left as an exercise for the asker.
> >
> > Here's what it boils down to:
> > There is nothing wrong with a properly implemented 'bash' or any
> > other shell for root.  Hint: when the system comes up single user
> > mode, it will ASK you what shell to use.  The statically compiled
> > part isn't even critical in OpenBSD, unless you are intent on
> > running bash in single-user mode before all partitions are mounted.
> >
> > The problem is when you break things, you break 'em BIG.  Original
> > thread is a case in point.  You win awards for courage, not wisdom,
> > for still being intent on using bash as the root shell while you are
> > still walking with a limp from your last experience.
> >
> > There's a lot of stuff that can go wrong when changing a user's
> > default shell over the lifecycles of the system (think upgrades!),
> > virtually all operator error, all avoidable, but errors that can
> > happen tend to happen.  When you break JoeAverage's account, no big
> > deal, as long as you can get back as root and fix it.  When you
> > break root, you have a problem.  Yes, the goal is to do everything
> > right, but another goal is to make it more difficult to do things
> > wrong.
> >
> > If you don't know how to do it right, test it right, and recover it
> > right, don't change the root shell.  I realize how it is such finger
> > breaking work to type the five keystrokes "b a s h [enter]" at a
> > command prompt after logging in...so horrible, I know, but until you
> > know what you are doing, just manually invoke bash.
> >
> > You will know you know what you are doing when you realize you don't
> > need or want to use bash on OpenBSD.  The only good reason I've
> > found to use bash on OpenBSD is to make it feel like some other OS,
> > and that's really not a good thing when you are administering the
> > system (i.e., logging in as root!).
> >
> > ksh rocks on OpenBSD. :)
> >
> > Nick.
> >
> At first i've also used bash because i missed the comfortable options
> shipped default with the bash based other system. But after some time i
> learned to handle ksh and i like it better than bash now.
> Just add a few options to /etc/profile and it's like at home again.
> 
> export HISTFILE=~/.sh_history
> export HISTSIZE=10
> 
> export PS1='[EMAIL PROTECTED] \w \$ '
> 
> Any suggestions? :)
> 
I would add set -o vi if you use vi as a command line editor



Re: bash for root?

2008-12-05 Thread Paul de Weerd
On Fri, Dec 05, 2008 at 09:29:43AM -0500, Alfredo Perez wrote:
| > Just add a few options to /etc/profile and it's like at home again.
| > 
| > export HISTFILE=~/.sh_history
| > export HISTSIZE=10
| > 
| > export PS1='[EMAIL PROTECTED] \w \$ '
| > 
| > Any suggestions? :)
| > 
| I would add set -o vi if you use vi as a command line editor

If you prefer vi and want to use it for most everything, simply export
VISUAL=vi. This has the same effect as set -o vi on your command line
editor.

Paul 'WEiRD' de Weerd (happy VISUAL=vi user for years now ;)

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 



Re: bash for root?

2008-12-05 Thread Gábri Máté
2008/12/5 Paul de Weerd <[EMAIL PROTECTED]>

> On Fri, Dec 05, 2008 at 09:29:43AM -0500, Alfredo Perez wrote:
> | > Just add a few options to /etc/profile and it's like at home again.
> | >
> | > export HISTFILE=~/.sh_history
> | > export HISTSIZE=10
> | >
> | > export PS1='[EMAIL PROTECTED] \w \$ '
> | >
> | > Any suggestions? :)
> | >
> | I would add set -o vi if you use vi as a command line editor
>
> If you prefer vi and want to use it for most everything, simply export
> VISUAL=vi. This has the same effect as set -o vi on your command line
> editor.
>
> Paul 'WEiRD' de Weerd (happy VISUAL=vi user for years now ;)
>
> --
> >[<++>-]<+++.>+++[<-->-]<.>+++[<+
> +++>-]<.>++[<>-]<+.--.[-]
> http://www.weirdnet.nl/
>

What does it do if i set this variable?



Re: bash for root?

2008-12-05 Thread Paul de Weerd
On Fri, Dec 05, 2008 at 04:24:39PM +0100, Gábri Máté wrote:
| > If you prefer vi and want to use it for most everything, simply export
| > VISUAL=vi. This has the same effect as set -o vi on your command line
| > editor.
| 
| What does it do if i set this variable?

According to the ksh manpage, this sets command-line editing mode for
interactive shells and overrides the EDITOR variable (the last part
means that anything that uses an editor (e.g. crontab -e) will (or
should) start ${VISUAL}).

Cheers,

Paul 'WEiRD' de Weerd

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 



bash for root? (was: Re: libiconv problem )

2008-11-29 Thread Dieter
> > 2. don't use bash as shell for root.
> 
> Or at least understand what you are doing.

What is wrong with bash as shell for root?
(Assuming bash is in /bin and statically linked.)
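
Added example (not part of any poster's message): a pre-flight check, run before changing root's login shell, for the conditions this thread raises: the shell sits in /bin or /sbin rather than /usr/local/bin, is listed in /etc/shells, and exists and is executable. The function names, the ROOT_DIR test prefix and the sample tree are constructed for illustration; static linking is not checked.

```shell
#!/bin/sh
# Added example. Assumption: /bin and /sbin live on the root filesystem,
# while /usr may not be mounted yet in single-user mode.

# check_root_shell PASSWD_FILE SHELLS_FILE [ROOT_DIR]
# ROOT_DIR prefixes the shell path so a constructed tree can be checked.
# Returns 0 if every check passes, 1 otherwise.
check_root_shell() {
    passwd_file=$1; shells_file=$2; root_dir=${3:-}; rc=0
    if ! grep -q '^root:' "$passwd_file"; then
        echo "FAIL: no root entry in $passwd_file"
        return 1
    fi
    # Field 7 of a passwd(5) line is the login shell; empty means /bin/sh.
    shell=$(awk -F: '$1 == "root" { print $7; exit }' "$passwd_file")
    shell=${shell:-/bin/sh}
    echo "root shell: $shell"
    case $shell in
        /bin/*|/sbin/*) ;;
        *)  echo "FAIL: $shell is outside /bin and /sbin"
            rc=1 ;;
    esac
    if ! grep -Fqx -- "$shell" "$shells_file"; then
        echo "FAIL: $shell is not listed in $shells_file"
        rc=1
    fi
    if [ ! -x "$root_dir$shell" ]; then
        echo "FAIL: $root_dir$shell is missing or not executable"
        rc=1
    fi
    return $rc
}

# Build a constructed tree (not a real system) to try the check offline.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/bin" "$t/usr/local/bin" "$t/etc"
    for s in bin/ksh bin/sh usr/local/bin/bash; do
        printf '#!/bin/sh\n' > "$t/$s" && chmod +x "$t/$s"
    done
    printf '/bin/sh\n/bin/ksh\n/usr/local/bin/bash\n' > "$t/etc/shells"
    echo 'root:*:0:0:Charlie &:/root:/bin/ksh' > "$t/etc/passwd.ksh"
    echo 'root:*:0:0:Charlie &:/root:/usr/local/bin/bash' > "$t/etc/passwd.bash"
    echo "$t"
}

t=$(make_sample_tree)
check_root_shell "$t/etc/passwd.bash" "$t/etc/shells" "$t" || echo "=> not safe for root"
rm -rf "$t"
```

On a live system the call would be `check_root_shell /etc/passwd /etc/shells`, run while a second root session is still open.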



Re: bash for root? (was: Re: libiconv problem )

2008-11-29 Thread farhan ahmed
Question is how can you make shell statically linked? I thought when you
install package it should be linked rather than manual compiling and
installing


--
Regards,
Farhan Ahmed

> To: misc@openbsd.org
> Subject: bash for root? (was: Re: libiconv problem )
> Date: Sat, 29 Nov 2008 08:46:00 +
> From: [EMAIL PROTECTED]
>
> > > 2. don't use bash as shell for root.
> >
> > Or at least understand what you are doing.
>
> What is wrong with bash as shell for root?
> (Assuming bash is in /bin and statically linked.)