This is a discussion on change shell for root within the Debian Linux support forums, part of the Debian Linux category; Is it safe to change the login shell for root? I want a tcsh and trash the bash. Best ...
I think it is safe, but don't remove bash as many scripts depend on it.
But then, I'm just a rookie myself and might be talking out of my rear end.

"Stefan Ollermann" <Stefan.Ollermann@gmx.de> wrote in message
news:20051210171622.18597a0a.Stefan.Ollermann@gmx. de...
> Is it safe to change the login shell for root?
>
> I want a tcsh and trash the bash.
>
> Best regards,
>
> Stefan
| |||
Lisa Pearlson writes:
> I think it is safe...

You are correct, but note that if / and /usr are on different partitions
root will not be able to log in when /usr is not mounted (i.e., single-user
mode).

> ...but don't remove bash as many scripts depend on it.

Correct again.
--
John Hasler
| |||
On Sat, 10 Dec 2005 12:45:27 -0600, John Hasler <jhasler@debian.org> wrote:
> Lisa Pearlson writes:
>> I think it is safe...
>
> You are correct, but note that if / and /usr are on different partitions
> root will not be able to log in when /usr is not mounted (i.e., single-user
> mode).
>
>> ...but don't remove bash as many scripts depend on it.
>
> Correct again.

You could create another account with uid 0 and tcsh as the shell, or add
this to root's .bashrc:

    case $- in
        *i*)
            if [ -f /usr/bin/tcsh ]; then exec /usr/bin/tcsh; fi
            ;;
    esac

--
Mr and Mrs PED, can I borrow 26.7% of the RAYON TEXTILE production of the INDONESIAN archipelago?
| |||
Stefan Ollermann wrote:
> Is it safe to change the login shell for root?
> I want a tcsh and trash the bash.

Changing the login shell for root is hazardous - even if it's
"supported" or theoretically supported (e.g., I believe Debian is
supposed to support using any POSIX compliant shell for root ... of
course it and its dependencies would also need to exist on the root
filesystem).

It's usually best not to muck with root's default login shell. One
can conveniently switch to another shell once su(1)/sudo(1)ed to root
(one shouldn't be logging in directly as root, except when it's very
much required) relatively easily - this is particularly easy on
Debian, as you also have perl.

For example, to switch the current root session to the tcsh(1) shell:

    exec perl -e 'exec {'\''/bin/tcsh'\''} '\''-tcsh'\'';'

And if that's too much to type or paste frequently, you could set it
up as an alias or command, and invoke it with very few keystrokes.
| |||
Michael Paoli writes:
> Changing the login shell for root is hazardous - even if it's "supported"
> or theoretically supported (e.g., I believe Debian is supposed to support
> using any POSIX compliant shell for root...

It's perfectly safe to change root's login shell as long as the shell you
choose is in /bin or /usr/bin is not on a different partition than /bin.
Scripts don't use root's login shell.

> For example, to switch the current root session to the tcsh(1) shell:
> exec perl -e 'exec {'\''/bin/tcsh'\''} '\''-tcsh'\'';' And if that's too
> much to type or paste frequently, you could set it up as an alias or
> command, and invoke it with very few keystrokes.

On the other hand, you could just type 'tcsh -l'.
--
John Hasler
| |||
In an earlier post, Michael Paoli postulated:
> Stefan Ollermann wrote:
>> Is it safe to change the login shell for root?
>> I want a tcsh and trash the bash.
>
> Changing the login shell for root is hazardous - even if it's
> "supported" or theoretically supported (e.g., I believe Debian is
> supposed to support using any POSIX compliant shell for root ... of
> course it and its dependencies would also need to exist on the root
> filesystem).
>
> It's usually best not to muck with root's default login shell. One
> can conveniently switch to another shell once su(1)/sudo(1)ed to root
> (one shouldn't be logging in directly as root, except when it's very
> much required) relatively easily - this is particularly easy on
> Debian, as you also have perl.
> For example, to switch the current root session to the tcsh(1) shell:
> exec perl -e 'exec {'\''/bin/tcsh'\''} '\''-tcsh'\'';'
> And if that's too much to type or paste frequently, you could set it
> up as an alias or command, and invoke it with very few keystrokes.
>

As part of my "learning Linux" I always google up relatively simple
seeming questions that get seemingly complicated replies: sometimes
there is an easier way I find.

Q: why can't he just ensure that his shell is in /usr or wherever and edit
the /etc/passwd file?

http://www.debian-administration.org/articles/231

--
"Well it proves one thing Mr. Hooper. It proves that you wealthy college boys don't have the education enough to admit when you're wrong.
| |||
On 23 Dec 2005 13:31:46 -0800, Michael Paoli <michael1cat@yahoo.com> wrote:
>
>
> Stefan Ollermann wrote:
> > Is it safe to change the login shell for root?
> > I want a tcsh and trash the bash.
>
> Changing the login shell for root is hazardous - even if it's
> "supported" or theoretically supported (e.g., I believe Debian is
> supposed to support using any POSIX compliant shell for root ... of
> course it and its dependencies would also need to exist on the root
> filesystem).
>
> It's usually best not to muck with root's default login shell. One
> can conveniently switch to another shell once su(1)/sudo(1)ed to root
> (one shouldn't be logging in directly as root, except when it's very
> much required) relatively easily - this is particularly easy on
> Debian, as you also have perl.
> For example, to switch the current root session to the tcsh(1) shell:
> exec perl -e 'exec {'\''/bin/tcsh'\''} '\''-tcsh'\'';'
> And if that's too much to type or paste frequently, you could set it
> up as an alias or command, and invoke it with very few keystrokes.

While I'm not positive of all of the security implications, I've
seen boxes that had a second root account 'toor' with uid and gid
0, with a different shell, usually tcsh. I imagine it could make
logging a nightmare if they were different users, but if they're
the same that shouldn't be a problem.

Iirc most programs/scripts use uid rather than username which may
be problematic in some circumstances.

Michael C.
--
mcsuper5@usol.com http://mcsuper5.freeshell.org/

Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -- Rich Cook
| |||
John Hasler wrote:
> It's perfectly safe to change root's login shell as long as the shell you
> choose is in /bin or /usr/bin is not on a different partition than /bin.
> Scripts don't use root's login shell.

Oh? How about a counter example:

    # echo /bin/sync >>/etc/shells
    # chsh -s /bin/sync root

That would be quite problematic when for some reason only root was
allowed to login and only from the console.

Even if one argues "But wait, that's not a shell!", things could still
be problematic. Various programs/utilities may expect doing something
like:

    su root -c some_argument

would have some_argument interpreted by some POSIX compliant shell.

Various other nastiness is also possible. E.g. let's say one changes
root's shell to /usr/bin/tcsh. The priority of tcsh is only
"standard". Such packages can be removed through quite ordinary means
(e.g. dpkg --remove tcsh). The consequences in such a case wouldn't be
particularly pleasant.

There are probably lots of other reasons and examples why changing
root's shell is, in general, not a good idea, but those are at least a
couple quick examples. Also, for UNIX, BSD, etc., changing root's
shell can be even more problematic, ... so in general, changing root's
shell is not a habit one should get into.
| ||||
Michael C. wrote:
> While I'm not positive of all of the security implications, I've
> seen boxes that had a second root account 'toor' with uid and gid
> 0, with a different shell, usually tcsh, I imagine it could make
> logging a nightmare if they were different users, but if they're
> the same that shouldn't be a problem.
>
> Iirc most programs/scripts use uid rather than username which may
> be problematic in some circumstances.

Multiple UID 0 login accounts is generally a bad idea security-wise.

In general, for security,

o To the extent feasible, one should never log in directly as
  superuser (root). E.g. use sudo from one's individual personal
  login account. Rationale includes auditing/logging and individual
  accountability, control and minimal distribution/use of superuser
  (root) password(s), etc.
o Don't have multiple superuser (UID 0) accounts. Rationale includes
  auditing/logging (unique UID <--> login name mapping), control and
  minimal distribution/use of superuser (root) password(s), etc.

Followup-to: adjusted and Subject: updated
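
An added example, not part of any post in this thread: a POSIX shell audit for the risks raised above, namely a UID 0 login shell that is missing, off the root filesystem or absent from /etc/shells, and more than one UID 0 account. The sample passwd data and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit UID 0 accounts and their login shells.
# SAMPLE_PASSWD is constructed data, not taken from a real host.
SAMPLE_PASSWD='root:x:0:0:root:/root:/usr/bin/tcsh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second root:/root:/bin/tcsh
stefan:x:1000:1000:Stefan:/home/stefan:/bin/bash'

# Print the login name of every account whose UID field is 0.
uid0_accounts() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 { print $1 }'
}

# Mount point of the filesystem holding a path (last column of POSIX df).
mount_of() {
    df -P "$1" 2>/dev/null | awk 'NR == 2 { print $NF }'
}

# Check one UID 0 login shell on the running system and print any findings.
check_shell() {   # $1 = login name, $2 = shell path
    [ -x "$2" ] || { echo "$1: shell $2 missing or not executable"; return 0; }
    [ "$(mount_of "$2")" = "$(mount_of /)" ] ||
        echo "$1: shell $2 is not on the root filesystem"
    grep -qxF "$2" /etc/shells 2>/dev/null ||
        echo "$1: shell $2 is not listed in /etc/shells"
}

# Audit passwd-format text ($1): extra UID 0 accounts, then each UID 0 shell.
audit() {
    names=$(uid0_accounts "$1")
    [ "$(printf '%s\n' "$names" | grep -c .)" -le 1 ] ||
        echo "multiple UID 0 accounts:" $names
    printf '%s\n' "$1" | awk -F: '$3 == 0 { print $1, $7 }' |
        while read -r name shell; do check_shell "$name" "$shell"; done
}

# Demo on the constructed sample; on a real host: audit "$(cat /etc/passwd)"
audit "$SAMPLE_PASSWD"
```

The shell checks run against the machine the script executes on, so the per-shell findings for the sample accounts depend on whether tcsh is installed there.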