Subject: Re: using tcsh as default root shell - Take 2
To: Jeffrey Ohlmann <jeffbsd@yahoo.com>
From: gabriel rosenkoetter <gr@eclipsed.net>
List: port-mac68k
Date: 05/24/2000 01:13:50

On Tue, May 23, 2000 at 08:35:05PM -0700, Jeffrey Ohlmann wrote:
> 
> --- Bill Studenmund <wrstuden@zembu.com> wrote:
> 
> > Let me re-phrase the question: Is it that you really want root's shell to
> > be tcsh, or you want to be using tcsh when you do root admin work?
> > 
> > The difference is there are two ways to do the latter while leaving
> > root's shell alone. 1) use the su -m command which will use your
> > shell once it gets to root (Thanks to Colin for telling me about this
> > one).
> 
> Now this I like. I don't care what root is for real just as long as I
> don't have to try to remember to change shells first thing every time I
> su. (Nothing worse than trying to 'up-arrow' to a previous command and
> getting keyboard gibberish.)

Well, remember that it's not the same instance of the shell, just the
same shell. So you can't get to your command history from the user
shell. But I don't think that's really what you meant, so...

I, too, am cowed that I didn't know about su -m. Seems to be a BSDism,
though - doesn't work on the Slowlaris machines I help admin at
cs.swarthmore.edu.

> > 2) Make a new UID 0 account which has tcsh as its shell. Just don't
> > name it "root". I use "croot" personally. :-)
> 
> As far as this goes, I've never fully understood how two accounts can
> have the same UID. I thought each account had to have a unique UID.
> What's the implication of the second root-like account? If actual root
> gets pooched, you can log in as root#2 and patch things up for root#1 ?

Well, you're not theoretically supposed to do that, as anything that
treats users by UID will just grab the first user listed in
/etc/passwd when it goes looking for the UID, but since all you want
is a mirror of root, you've got nothing to worry about. Of course, the
standard NetBSD daily security script will complain a bit, but mine
does that anyway for a bunch of files in /etc with more restrictive
permissions than it expects (I use RCS, so a lot of stuff in /etc is
not writeable, even by root). Just ignore the complaints or reset its
database (erm, is that possible, btw?).

In general, regular users shouldn't have the same UID (and scary mail
delivery things will happen if they do), but having multiple UID 0
accounts is an acceptable "error". You'll probably want to make sure
that root remains the first of them in /etc/passwd, though.

       ~ g r @ eclipsed.net
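
An added example, not part of the original message and not NetBSD's daily security script: a POSIX sh/awk check over a passwd-format file that reports accounts sharing a UID and whether root is still the first UID 0 entry, as the message recommends. The sample entries are constructed, and the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for accounts that share a UID.
# Sample entries are constructed; "croot" is the extra UID 0 account from the thread.

sample_passwd() {
cat <<'EOF'
root:*:0:0:Charlie &:/root:/bin/sh
croot:*:0:0:root with tcsh:/root:/bin/tcsh
daemon:*:1:1:The devil himself:/:/sbin/nologin
alice:*:1000:100:Alice:/home/alice:/bin/tcsh
bob:*:1000:100:Bob:/home/bob:/bin/sh
EOF
}

# Reads passwd lines on stdin; prints "<uid> <first-listed name> <all names>" per shared UID.
dup_uids() {
    awk -F: '
        /^[#+-]/ || NF < 7 { next }   # skip comments, NIS compat lines, malformed lines
        {
            if (!($3 in first)) { first[$3] = $1; order[++n] = $3; names[$3] = $1 }
            else { names[$3] = names[$3] "," $1 }
            count[$3]++
        }
        END {
            for (i = 1; i <= n; i++) {
                u = order[i]
                if (count[u] > 1) print u, first[u], names[u]
            }
        }'
}

# Shared UID 0 with root listed first is a note; anything else is a warning.
audit_passwd() {
    dup_uids | while read -r uid first names; do
        if [ "$uid" = 0 ]; then
            if [ "$first" = root ]; then
                echo "NOTE uid 0 shared by $names; root is listed first"
            else
                echo "WARN uid 0 shared by $names; first entry is $first, not root"
            fi
        else
            echo "WARN uid $uid shared by $names; lookups by UID resolve to $first"
        fi
    done
}

sample_passwd | audit_passwd
```

To check a real system, pipe the file in instead of the sample: `audit_passwd < /etc/passwd`.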