Hi all I have a quick question. Is it better for my zsh shell to be in /usr/bin/zsh or /bin/zsh. I remember reading that one of them would mess up the whole system since zsh is not posix compliant. I believe that szh shouldn’t be set as the root shell. I now have it in /usr/bin/zsh, is that good? So now when I drop into a root shell I don’t get they autocompletion feature that zsh has. I’d also lose that fancy theme. Does that mean my root shell is still bash? Thanks

    • _cnt0@lemmy.villa-straylight.social
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      I understand the motivation of using the user environment in the root context. It’s still a bad idea. The assumption is, that it is easier to compromise a non-privileged desktop user than the root account. Imagine some exploit breaking out of a sandbox and doing some minor modifications to your $HOME: either aliasing ls to a script somewhere in your home by changing your profile or some shell rc file, or prepending your $PATH environment variable with a folder burried somewhere in your home directory where a script ls is placed:

      #!/usr/bin/env sh
      
      if (( $EUID == 0 )); then
          # do something evil here
      fi
      
      ls "$@"
      

      Now, as an attacker you just wait for some admin on a shared system to come along and use sudo -s.