Did you know: root shell in Solaris 10

As you know, traditionally with older Solaris versions you had to leave /sbin/sh as the default root shell. In Solaris 8 and 9, you’re supposed to do this because all the libraries for dynamic linking are in /usr/lib, which could well be on a separate /usr filesystem. This filesystem may not be accessible during the maintenance boot, and therefore it is regarded as a very bad practice to change the root shell.

To make sure the superuser is always going to be able to log in, you have a /sbin/sh assigned to root, and it’s a statically built binary, so it doesn’t need any of the external libraries:

solaris$ file /sbin/sh
/sbin/sh:       ELF 32-bit MSB executable SPARC Version 1, statically linked, stripped
solaris$ ldd /sbin/sh
ldd: /sbin/sh: file is not a dynamic executable or shared object

But did you know that Solaris 10 has greatly improved this situation? There are two major improvements:

Standard libraries are in /lib now

Because of this, the /lib directory is always accessible during your maintenance boots.

As a result of this, your /sbin/sh shell is now a regular executable using dynamic libraries:

solaris$ file /sbin/sh
/sbin/sh:       ELF 32-bit MSB executable SPARC Version 1, dynamically linked, stripped
solaris$ ldd /sbin/sh
libgen.so.1 =>   /lib/libgen.so.1
libsecdb.so.1 =>         /lib/libsecdb.so.1
libc.so.1 =>     /lib/libc.so.1
libnsl.so.1 =>   /lib/libnsl.so.1
libcmd.so.1 =>   /lib/libcmd.so.1
libmp.so.2 =>    /lib/libmp.so.2
libmd5.so.1 =>   /lib/libmd5.so.1
libscf.so.1 =>   /lib/libscf.so.1
libdoor.so.1 =>  /lib/libdoor.so.1
libuutil.so.1 =>         /lib/libuutil.so.1
libm.so.2 =>     /lib/libm.so.2

Built-in protection against non-executable root shells

If you change the root shell to any other shell and it cannot be started for some reason, you will automatically get the standard /sbin/sh instead. The same kind of protection exists for the sudo command as well.

These improvements make sure that there is nothing to stop you now from setting your root shell to anything you like.
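
As an added example (not part of the original post), here is a small POSIX shell check to pipe `ldd` output into before changing root's shell: it lists dependencies that resolve outside /lib or do not resolve at all. The function names and the sample library names are made up for illustration.

```shell
#!/bin/sh
# Added example: report shared-library dependencies that do not resolve
# under /lib, i.e. ones that may be missing when /usr is not mounted.
# Usage: ldd /path/to/shell | check_shell_deps

deps_outside_lib() {
    # Reads ldd output ("name => path") on stdin.
    awk '
        # Lines without "=>" (such as the "not a dynamic executable"
        # message) carry no dependency and are skipped.
        $2 != "=>" { next }
        # No absolute path after "=>": the library was not found.
        $3 !~ /^\// { print $1 " UNRESOLVED"; next }
        # Resolved, but outside /lib (for example under /usr/lib).
        $3 !~ /^\/lib\// { print $1 " " $3 }
    '
}

check_shell_deps() {
    # Returns 0 when every dependency is under /lib, 1 otherwise,
    # printing the offending entries.
    out=$(deps_outside_lib)
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
    return 0
}

# Constructed sample input, not real output from any system.
sample_ldd() {
    cat <<'EOF'
    libc.so.1 =>     /lib/libc.so.1
    libcurses.so.1 =>        /lib/libcurses.so.1
    libexample.so.1 =>       /usr/lib/libexample.so.1
    libmissing.so.1 =>       (file not found)
EOF
}

sample_ldd | check_shell_deps || echo "some dependencies are not under /lib"
```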
