Hi all I have a quick question. Is it better for my zsh shell to be in /usr/bin/zsh or /bin/zsh. I remember reading that one of them would mess up the whole system since zsh is not posix compliant. I believe that szh shouldn’t be set as the root shell. I now have it in /usr/bin/zsh, is that good? So now when I drop into a root shell I don’t get they autocompletion feature that zsh has. I’d also lose that fancy theme. Does that mean my root shell is still bash? Thanks
I understand the motivation of using the user environment in the root context. It’s still a bad idea. The assumption is, that it is easier to compromise a non-privileged desktop user than the root account. Imagine some exploit breaking out of a sandbox and doing some minor modifications to your $HOME: either aliasing
ls
to a script somewhere in your home by changing your profile or some shell rc file, or prepending your $PATH environment variable with a folder burried somewhere in your home directory where a scriptls
is placed:#!/usr/bin/env sh if (( $EUID == 0 )); then # do something evil here fi \ls "$@"
Now, as an attacker you just wait for some admin on a shared system to come along and use
sudo -s
.