Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Zsh configuration files

X-seq: zsh-users 13492
From: "Matt Wozniski" <godlygeek@xxxxxxxxx>
To: zsh-users@xxxxxxxxxx
Subject: Re: Zsh configuration files
Date: Tue, 25 Nov 2008 13:57:34 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=DdXV/7HXZZqvYx5vIUBsNgHeikFvn/j62iFHMEY0JOA=; b=nbjBcNmlCmDAJ7zoyUWBx9j0Z5il4Eat3l3jDktX9YHsprcqhKW+/DHxU9BlaQ+clp /0EmbDk5pqgJfN9czkvMgs28y6XAimAXOtu8G+nUablXbpm5mTiZOg+aIr5dgIyCMX3E gVVMYOw2Gc4Z8YHBjJTEj3E7+qQ4oukeVdYYk=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=Yoau8C1emIhjNAufOvChPHTnxa96eMMY88scgeLJN8Mv+2SO/BVchtyP6IcEKJDGgF 33ZZ4yVMZ3BlgrwFPI7bT90ilYG+kvjovjHLdnA0FPUJ835yCYmVcxiTMu4TYZsrVgcI /Cy1I5Niv/dnn501dFYJrJjGNjU0ISRwoL2cY=
In-reply-to: <20081125183230.33d860d4@news01>
Mailing-list: contact zsh-users-help@xxxxxxxxxx; run by ezmlm
References: <ggbjfl$der$1@xxxxxxxxxxxxx> <2d460de70811230730v1a79f3b3rd73a020f99b66f02@xxxxxxxxxxxxxx> <ggcv5t$a88$1@xxxxxxxxxxxxx> <alpine.LNX.2.00.0811241643240.20698@xxxxxxxxxxxxxxx> <b2e43f8f0811250910l7828242bnf3c8e137756b2f16@xxxxxxxxxxxxxx> <20081125183230.33d860d4@news01>

On Tue, Nov 25, 2008 at 1:32 PM, Peter Stephenson wrote:
> On Tue, 25 Nov 2008 12:10:43 -0500
> "Allan Caffee" wrote:
>> > 2. For running as root, I can just link my normal-user .zshrc and .zshenv
>> > files, and it'll detect that they're linked, and use the .zsh_* files from
>> > my normal-user directory
>>
>> That sounds really dangerous.  You're offering a hook for someone to
>> execute arbitrary code as root.  If someone breaks your user account
>> they could for example add a file in your home directory that resets
>> the root password or does some other really mean things.  If you want
>> root to have the same setup as your regular user you should put it
>> somewhere that only root can write.
>
> It's probably worth pointing out that if you use sudo, as many people do
> (it's the normal method of accessing root in a lot of places), then it will
> usually execute your own start up files: the shell starts up essentially as
> for the user, except with UID 0.  Furthermore, the password for accessing
> root in this case is the same as the user's own.  So it seems a lot of
> people aren't too worried about this aspect.  They probably tend not to be
> sites accesible by the general public.

"sudo", by default, doesn't start a root shell, and therefore doesn't
run shell rc's by default.  You can force it to, of course, with
something like "sudo -s", but that's not the right way to get a root
shell using sudo; you should instead use 'sudo -i' - which changes
$HOME and runs the shell specified for the user being switched to in
/etc/passwd...  And there's no loss of security from allowing users to
change to the root account with their own password; though of course
sudo can be configured to use the root password instead of the user
password...

~Matt

Follow-Ups:
- Re: Zsh configuration files
  - From: Richard Hartmann

References:
- Zsh configuration files
  - From: Maurício
- Re: Zsh configuration files
  - From: Richard Hartmann
- Re: Zsh configuration files
  - From: Maurício
- Re: Zsh configuration files
  - From: Benjamin R. Haskell
- Re: Zsh configuration files
  - From: Allan Caffee
- Re: Zsh configuration files
  - From: Peter Stephenson

Messages sorted by: Reverse Date, Date, Thread, Author