toor, root and shells
Way back when, neither the csh or sh shells had tab completion,
scrolling through history with the arrow keys and other things that we
often take for granted.
The original developers of FreeBSD preferred csh to Bourne style shells.
So, at some point it was decided that /bin should only have two shells,
csh and sh. Remember disk space was far more precious then. Because
the original developers preferred csh, the version of csh put in
/bin was actually tcsh, a version of csh with tab completion, history
scrolling and the like. (The interested reader can see this by doing a
ls -i for csh and tcsh. They have the same inode.)
The /bin/sh shell, on the other hand is the very basic Bourne shell.
There are no fancy features such as tab completion. However, it is
there (and indeed, is the default shell if you boot into single user
mode) for those who prefer Bourne style shells.
If you decide to install bash, zsh or ksh, they aren't installed in
/bin. They are installed in /usr/local/bin. They are fine
for day to day use, but not usable if you can only mount / or
if you boot into single user mode. Therefore, one should not
change root's default shell from csh.
However, many people wanted to work as root with an extended Bourne
style shell. While sh is available in /bin, it lacks some features to
which we have become accustomed, such as tab completion. Enter the toor
The toor account is listed in /etc/passwd as Bourne-again Superuser.
Like root, toor has the UID of 0. I believe (according to a couple of
posts on google) that originally the account was only created if the
bash shell was installed, but other posts indicate that it has always
been there. Regardless, the account is created during a default
The toor account has the same powers as the root account. It has no
password by default. To use it, you have to set a password for it.
(Or log in as root and su to toor).
So, this is one use for the toor account, have root's UID, but have a
default shell that lives in /usr/local.
Other people use toor as a backup Superuser account, to use if, for
example, root's shell or account gets corrupted. If toor is being
used for this purpose, then its default shell should remain as /bin/sh,
for the same reasons given above--if it is an emergency use
account, then there might be some reason other shells weren't accessible.
People coming to FreeBSD from Linux sometimes don't realize that sh
and bash are two different things. Unless you need some special feature
of bash that isn't in sh, for example, the select loop, it is always
best to write scripts using /bin/sh rather than /usr/local/bin/bash for
maximum portability. In many Gnu/Linux distributions. /bin/sh is simply
a link to /bin/bash, but they are two different shells.
Various bad things can happen when you change root's shell.
Net and OpenBSD also offer ksh as a default shell during installation. The person more familiar with bash or other Bourne shells is probably better off with ksh than a C shell variant.
I know toor has been around awhile, other then being root spelled backwards I've never seen much point to it. The super user account being named root is more tradition then purposeful imho, aside from any body that assumes there is a 'root' >_>
There is nothing to stop us from creating, say an account named kwyjibo with a UID of 0, assuming we had access to such an account ourselves. I think I've heard of one or two people that actually bothered.
I've always operated under the assumption that the kernel see's numerical UID, GID, and a bitmask of file permissions where we see usernames, group names, and -rwx--* stuff.
Having predominately used systems where roots standard shell has tab completion available (FreeBSD, OpenBSD, many Linux distros), I've never bothered to use any thing but the default for roots,. So I've never thought about simply using toor, just an exec if I ever needed an automated change.
In the case of FreeBSD at least, technically shouldn't it make no difference what root's default shell is? Since you get an enter path to your shell prompt with a default of /bin/sh for single user mode?
The only point I personally could see to using anything but the root account, would be changing root and toor to dead-end accounts and using a randomly selected username as the real super user to keep people guessing. Which wouldn't make much sense because anyone who can look at /etc/password could find all super user accounts.
Terry@dixie$ grep -E '\w*:.*:0:0:.*' /etc/passwd 3:50 root:*:0:0:Charlie &:/root:/bin/csh toor:*:0:0:Bourne-again Superuser:/root: Terry@dixie$ 3:50
Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
according to http://everything2.com/title/Charlie%2520Root
"No, that's wrong, Cartman. But don't worry, there are no stupid answers, just stupid people." -- Mr. Garrison
I just use sudo. I never used to, until I started using Mac OS X. Then, I just decided it was convenient enough to prepend sudo if I needed to use root privileges or do sudo -s if I needed a full root shell with my current environment. This way, I don't need to change any of the root user's settings besides the password during install.
"UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity."
MacBook Pro (Darwin 9), iMac (Darwin 9), iPod Touch (Darwin 9), Dell Optiplex GX620 (FreeBSD 7.1-STABLE)
|Thread||Thread Starter||Forum||Replies||Last Post|
|ZFS root and linproc 7.2-RC1||wnsi||FreeBSD Installation and Upgrading||0||20th April 2009 06:54 PM|
|ssh root||Nk2Network||OpenBSD Security||22||8th April 2009 06:59 PM|
|NTOP as root||sniper007||FreeBSD Security||0||27th January 2009 06:42 PM|
|Wheel Can't su root||MetalHead||OpenBSD General||2||21st November 2008 11:44 PM|
|root mail||sheriff26||FreeBSD General||5||2nd July 2008 04:56 PM|