Linked by Thom Holwerda on Thu 10th Nov 2011 20:45 UTC, submitted by Straylight
Oracle and SUN I just emerged, blinking, from the world of Skyrim, only to realise Sun Oracle has released the 11th version of Solaris (well, technically it's the 7th, but okay, we'll roll with it). I'll be honest and upfront about it: Solaris is totally out of my league, and as such, it's very hard for me to properly summarise what this release is all about, so I won't even try.
Permalink for comment 496935
To read all comments associated with this story, please click here.
RE[4]: Nice!
by SReilly on Fri 11th Nov 2011 08:28 UTC in reply to "RE[3]: Nice!"
SReilly
Member since:
2006-12-28

Question was, how would this be a sign of modernity (or not towing old baggage). But speaking of bad ideas, generally logging (and even more so directly ssh'ing) in as root does not seem to be the best one of them all (as you've correctly pointed out). Esp. true on Solaris (10+) which tends to utilize RBAC/sudo, clinging to root's usage might by some be considered a bit archaic. ;)


RBAC/sudo are great but don't cover all situations. For instance, I'm currently working a one month contract in which they're running all their production DBs on Solaris zones. Now, I'm the only UNIX guy here so for them to be using Solaris in the first place is a tad daft if you ask me. Anyway, the systems I'm talking about are two M4000's in two separat DCs with one Global zone a piece. I've spent a week writting a KSH script that allows us to failover one or all zones residing on one system to the other. Due to them not using Sun Clustering, it's got to be done via ssh and as these people don't have a clue about UNIX, I've got to make it as simple as possible for them. Passwordless ssh login for root is the only way to achive that. You seem like a knowlegable person therefore I'm sure you understand the situation with the .ssh directory. Now, call me a fickle person but I'd rather that directory did not reside on /.

Anyway, I spend the first week here cleaning up root's files on / and putting them in /root, among other things, and while checking out /etc/profile, I found some nice little additions by the dude from Sun that installed the servers, like set -o vi. Problem was, the guy didn't remember to change root's default shell to KSH so that option was as usefull as a bicycle to a fish.

In a large environment I'd agree with you but when you've three servers (one production, one testing and one development) using root is no biggy and much easier to deal with then implementing RBAC/sudo.

I am seriously unaware of making any comparison or qualifying statement. EDIT: The word "better" could have been misunderstood. The question was why should it be better for /bin/sh to be symlink to /usr/bin/ksh93, presuming that having /bin/sh as SH binary does not effect /usr/bin/ksh93 or /usr/bin/bash or /usr/bin/zsh for anyone who wants to use either of the Bourne shell family. Merely, as long as you can choose your favorite shell to log in and to run your scripts, I do not really understand why presence of another one should be any bothersome. I personally do not care for (t)csh too much, but see no reason to make a point of any system shipping it (it sure lives on my machine) or even making it default when changing is just one command operation.

My bad and fair ennough :-)

My point though was that the only reason why sh was the default shell was for historical reasons. Systems used to run /usr on either a separat partition or even an NFS share. If you needed to reboot in single user mode, you wouldn't have access to this directory and therefore no access to anything but statically linked binaries. As HDs are a tad larger these days, /usr usually resides on the same slice as /. As you so rightly pointed out, today sh points to /usr/bin/ksh so for Solaris to still us sh as the default shell can only be for historical reasons. Surely you can see that, no? I'm not saying that sh residing on the system (even though in this case it's only as KSH in sh mode) is a bad thing, far from it. There are still a mirade of scripts written in sh so I would expect there to be support for the shell.

Furthermore, the changing of the default shell to BASH and root's default directory to /root in Solaris 11 tend to lend quite a bit of weight to my arguments, don't you think?

Reply Parent Score: 3