Path: utzoo!utgpu!water!watmath!clyde!cbosgd!ihnp4!ptsfa!ames!aurora!labrea!rutgers!mtune!whuts!homxb!mtuxo!rolls!doug!tim
From: tim@doug.UUCP (Tim J Ihde)
Newsgroups: comp.unix.wizards
Subject: Re: Non-standard shell and su.
Summary: root shell location
Message-ID: <502@doug.UUCP>
Date: 12 Jan 88 15:56:09 GMT
References: <200@icus.UUCP> <264@ho7cad.ATT.COM> <8389@steinmetz.steinmetz.UUCP> <8528@steinmetz.steinmetz.UUCP>
Organization: AT&T ISL - Somerset, NJ
Lines: 25

I can't find the original article here, so forgive me if I'm completely
off in the ether someplace; but on this general topic I can give
one warning from experience.

We were having some questionable security problems, and just wanted to
be able to log what people were doing after they had su'd.  The
quickest thing one fellow here could think of was to change the /etc/passwd
entry for root so that it used ksh as the default shell instead of sh.
This worked quite well; the .history file told us everything we wanted
to know (funny how people who know about 'vi /usr/adm/sulog' don't
try 'vi /.history').

What we hadn't been thinking about was that our ksh was located in
/usr/local/bin/ksh.  Which is not located on the root filesystem.
So it isn't avaliable on bootup to run all those nice shell scripts
in /etc.

Of course, this little problem was not noticed until we needed to
bring the system up after shutting down for some PM.  Well, at least
we had backups!
-- 
Tim J. Ihde					ihnp4!ctsmain!doug!tim
(201) 535-9897

Ok, we can all agree that this is my fault.