
Re: itp: static bins / resolving static debian issues



On Sat, Aug 21, 1999 at 05:46:02PM -0700, Nathaniel Smith wrote:
> We should not have a separate UID 0 account.  Doing so will be bad from a
> security standpoint, and gain us nothing.

Agreed. Keeping things simple never hurts anyone.

> 1) add to sash the ability to parse a ~/.sash_profile on startup.  In that
>    file put the line "exec /bin/bash".  If bash is broken, the exec will fail
>    and leave you in sash

This sounds very good.
Having different accounts is like having separate fridges for beer and
milk. If you can do it with one, stick with it.

>  Cons: changing root's shell becomes slightly error-prone, in that instead of
>    messing with /etc/passwd or chsh the end-user now has to mess with
>    /root/.sash_profile.

If we want to avoid altering sash one could write a small piece of
software, "root_login", which would read "/root/.root_login" and
try to execute shells listed in there:
bash
sash
(if bash fails it executes sash)

...or do I contradict myself about simplicity?-) Maybe this
adds too much complexity, again.

      Panu

-- 
   Panu Hällfors, panupa@iki.fi
    http://www.iki.fi/panupa/
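
The "root_login" idea from the message above, sketched as an added example (not code from this thread or from any Debian package). It assumes one absolute path per line in /root/.root_login and /bin/sash as the last-resort shell, and it adds an ownership and permission check on the list file that the message does not mention.

```c
#define _POSIX_C_SOURCE 200809L  /* O_NOFOLLOW, O_CLOEXEC, fdopen */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open the list only if it is a regular file owned by `owner` and not
 * writable by group or others; whoever can edit it picks root's shell.
 * fstat() on the open fd avoids a check-then-open race. */
FILE *open_trusted_list(const char *path, uid_t owner) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return NULL;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return NULL;
    }
    return fdopen(fd, "r");
}

/* Exec the first working shell, one absolute path per line (assumed format).
 * Returns only if every exec failed, with the number of shells tried. */
int try_shells(FILE *f) {
    char line[1024], argv0[1026];
    int tried = 0;
    while (fgets(line, sizeof line, f)) {
        line[strcspn(line, "\r\n")] = '\0';
        if (line[0] != '/') continue;      /* skip blanks, comments, bare names */
        snprintf(argv0, sizeof argv0, "-%s", strrchr(line, '/') + 1);
        tried++;
        execl(line, argv0, (char *)NULL);  /* leading '-' marks a login shell */
    }
    fclose(f);
    return tried;
}

int main(void) {
    FILE *f = open_trusted_list("/root/.root_login", 0);
    if (f) try_shells(f);
    execl("/bin/sash", "-sash", (char *)NULL);  /* assumed fallback path */
    perror("root_login: no usable shell");
    return 1;
}
```

If the list is missing, untrusted, or names only broken shells, control falls through to the hard-coded fallback, so a damaged list file cannot lock root out.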

