tech-userlevel archive


Re: toor shell: /rescue/sh?

> Of course, that means that those shells should be listed in
> /etc/shells.

Actually, /etc/shells should be scrapped.

As far as I can tell, it was invented to close the "chsh with newlines
in the shell name" hole, then got co-opted as a "this is/isn't a
general-purpose user" flag.  It isn't a good solution to either of
those problems; the API to it, which is what programs (as opposed to
admins) see, is broken even worse, both in fundamental design (overload
the shell as a "is/isn't a general-purpose account" flag) and detailed
design (the interface should have been "is this shell OK?", not "give
me a list of the OK shells", since the latter works only when the list
is small and easily enumerable, thus making it infeasible to, for
example, allow an admin to configure "any shell owned by root is OK",
_even by replacing the implementation_).  It's also broken
philosophically, in that it breaks the "the shell is just another
program" paradigm Unix had previously always had.

Perpetuating the mistake will not make it any less of a mistake.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML      
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
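
The interface contrast drawn in the message above, as an added example that is not part of the original post or of any system's libc: a yes/no predicate built on the getusershell(3) enumeration, next to a predicate whose policy ("any shell owned by a given uid is OK") cannot be expressed as a list. The names path_is_sane(), shell_ok_listed() and shell_ok_owned_by(), and the exact checks in them, are assumptions made for illustration.

```c
/* Added illustration; all function names here are hypothetical. */
#define _DEFAULT_SOURCE
#include <ctype.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* passwd entries are line- and colon-delimited, so an acceptable shell
 * path must be absolute and free of ':' and control characters
 * (newline included). This is the input check, independent of policy. */
static int path_is_sane(const char *p)
{
    if (p == NULL || p[0] != '/')
        return 0;
    for (; *p != '\0'; p++)
        if (*p == ':' || iscntrl((unsigned char)*p))
            return 0;
    return 1;
}

/* "Is this shell OK?" answered through the enumeration API: the caller
 * has to walk the complete list for every single query. */
int shell_ok_listed(const char *path)
{
    char *s;
    int ok = 0;

    if (!path_is_sane(path))
        return 0;
    setusershell();
    while (!ok && (s = getusershell()) != NULL)
        ok = (strcmp(s, path) == 0);
    endusershell();
    return ok;
}

/* The same question answered by policy instead of by list: a regular
 * file, executable by its owner, owned by `owner`, and not writable by
 * group or other. Pass owner = 0 for "any shell owned by root". */
int shell_ok_owned_by(const char *path, uid_t owner)
{
    struct stat st;

    if (!path_is_sane(path) || stat(path, &st) != 0)
        return 0;
    return S_ISREG(st.st_mode) && st.st_uid == owner &&
           (st.st_mode & S_IXUSR) != 0 &&
           (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}
```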
