Hi all I have a quick question. Is it better for my zsh shell to be in /usr/bin/zsh or /bin/zsh. I remember reading that one of them would mess up the whole system since zsh is not posix compliant. I believe that szh shouldn’t be set as the root shell. I now have it in /usr/bin/zsh, is that good? So now when I drop into a root shell I don’t get they autocompletion feature that zsh has. I’d also lose that fancy theme. Does that mean my root shell is still bash? Thanks

  • _cnt0@lemmy.villa-straylight.social
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    I understand the motivation of using the user environment in the root context. It’s still a bad idea. The assumption is, that it is easier to compromise a non-privileged desktop user than the root account. Imagine some exploit breaking out of a sandbox and doing some minor modifications to your $HOME: either aliasing ls to a script somewhere in your home by changing your profile or some shell rc file, or prepending your $PATH environment variable with a folder burried somewhere in your home directory where a script ls is placed:

    #!/usr/bin/env sh
    
    if (( $EUID == 0 )); then
        # do something evil here
    fi
    
    ls "$@"
    

    Now, as an attacker you just wait for some admin on a shared system to come along and use sudo -s.