sysrc bug
Eugene Grosbein
eugen at grosbein.net
Tue Jun 1 00:22:41 UTC 2021
01.06.2021 6:07, Roger Marquis wrote:
>> Also, changing the root shell is bad for many reasons and I'm not
>> surprised that something doesn't work.
>
> Surprised this old myth is still being repeated. Having used various
> root shells in FreeBSD and other Unix/Linux systems for decades I have to
> ask specifically what said reasons are, particularly considering
> /usr/sbin/sysrc starts with "#!/bin/sh" (as does and should every system
> shell script).

The original statement was: "one should not change root shell to something like /usr/local/bin/bash"
and/or "one should not change root shell at all" (unless one knows what he does).
There are multiple ways for an inexperienced root to break things by changing its shell:
- vipw allows one to make a misprint typing shell path name rendering root without a shell (so "toor" user was born);
- /usr/local/bin/bash or any other shell residing on file system not mounted in single user mode
and/or requiring libraries residing on not inaccessible file system, including NFS-mounted;
- some historic scripts making assumptions on root shell behaviour etc.
So it is much safer to create a distinct non-root user with the desired shell and use "su -m"
that raises privileges but keeps the user environment intact (HOME, shell, other environment).
More information about the freebsd-security
mailing list
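
The failure modes listed in the message above (a mistyped shell path, a shell or its libraries living on a file system that is not available in single-user mode) can be checked mechanically. The following is an added example, not part of the original message or of FreeBSD; the function names `mount_of` and `check_root_shells` are made up for it, and it assumes the 7-field passwd(5) format and that `/` is the only file system mounted in single-user mode.

```shell
#!/bin/sh
# Added example: audit the login shell of every uid-0 account in a
# passwd(5)-format file (7 colon-separated fields).

# Print the mount point of the file system that holds $1.
mount_of() {
    df -P "$1" 2>/dev/null | awk 'NR == 2 { print $6 }'
}

# check_root_shells PASSWD_FILE [ROOT_MOUNT]
# Prints one finding per line; returns 1 if anything was found.
# ROOT_MOUNT (default "/") is the file system assumed to be available
# in single-user mode.
check_root_shells() {
    passwd_file=$1
    root_mount=${2:-/}
    rc=0
    while IFS=: read -r name _pw uid _gid _gecos _home shell; do
        [ "$uid" = 0 ] || continue
        shell=${shell:-/bin/sh}   # an empty field means /bin/sh
        # A misprint made in vipw shows up here as a missing file.
        if [ ! -f "$shell" ] || [ ! -x "$shell" ]; then
            echo "$name: shell '$shell' is missing or not executable"
            rc=1
            continue
        fi
        # The shell and every shared library it needs must be on ROOT_MOUNT.
        for f in "$shell" $(ldd "$shell" 2>/dev/null |
                awk '$2 == "=>" && $3 ~ /^\// { print $3 }'); do
            m=$(mount_of "$f")
            if [ "$m" != "$root_mount" ]; then
                echo "$name: $f is on '$m', not on '$root_mount'"
                rc=1
            fi
        done
    done < "$passwd_file"
    return $rc
}

# Audit the live system only when asked to: sh thisfile.sh --run
if [ "${1:-}" = "--run" ]; then
    check_root_shells /etc/passwd
fi
```
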