SUMMARY: replacing the Bourne shell with the Korn shell

From: Spurgeon, John P <john.p.spurgeon_at_intel.com>
Date: Sun Nov 09 2003 - 19:37:00 EST
WOW! That generated an avalanche...

Replacing /sbin/sh with another program like /usr/bin/ksh is probably
not a good idea at all. In fact, EVERYONE said it was a horrible idea!
Many people pointed out that /sbin/sh is statically linked. Other
programs like /usr/bin/ksh and /usr/bin/sh aren't. (You can use the ldd
command to see this.)

If you do replace /sbin/sh with /usr/bin/ksh, you may not notice any
side effects until you reboot. I tried this on a server that I could
afford to lose just to see what would happen. After I executed "reboot",
the server went down and never came back up. Unfortunately, I'm at home
and the server is at the office, so I couldn't see what was happening at
the console. I suppose there's a slim chance that the server isn't on
the network for some other reason, but my money is on the change I made
to /sbin/sh.

After thinking about this limitation for a while it occurred to me that
a way to work around it might be to leave the files in /sbin alone, but
then mount a filesystem containing a copy of the directory (with the
"new" /sbin/sh) at /sbin once the system reached multi-user mode. Of
course, that's a pretty extreme tactic. Many people couldn't imagine why
I would want to replace the Bourne shell executables in the first place.
I shudder to think about what the reaction would be to the idea of
mounting on top of /sbin.

I got replies from people who warned me that there may be differences
between the Korn shell and the Bourne shell that could cause scripts
currently running under the Bourne shell to break if they were executed
by the Korn shell instead. I'm really not sure about this. Rosenblatt
(1993) says that the Korn shell is backwards compatible with the Bourne
shell except for the fact that the Bourne shell supports using ^ as an
alias for the pipe symbol. On our systems, it would be easy enough to
search for all occurrences of the ^ character in shell scripts to make
sure that this wasn't an issue. However, now that I think about it I
have noticed other differences between the two shells. For example, I
think variable scoping rules might be a little different within while
loops and/or case statements on Solaris. Anyone who is considering using
the Korn shell instead of the Bourne shell needs to keep this in mind.
The devil usually IS in the details.

Several people tried to tell me that if I want to use the Korn shell,
then I should just set the user's shell to /bin/ksh or put #!/bin/ksh at
the top of a script. Given that I had a brain fart and forgot what
/usr/bin/rsh is (it's remote shell, not the restricted shell!), I can
see why they might have felt the need to point out the obvious.

Perhaps it would help to explain my situation in some more detail:

1. The servers I wanted to make this change on are simply back-end
database servers. There are no end users on these systems who would be
offended by having the Bourne shell taken away from them.

2. Some were concerned that changes made to files in /sbin or /usr/bin
would be overwritten by patches. (Or worse, that we weren't patching our
systems at all.) Rest assured, we do patch our servers. And without
going into details, there are ways to apply patches without stomping on
customizations.

3. It was also pointed out that changing /sbin/sh voids support
contracts. A good point - if you have a support contract.

4. As many of you probably know, package install scripts are executed by
the Bourne shell no matter what you put on the first line of the script.
One thing I wanted to do was use the Korn shell to develop install
scripts. I was also concerned that scripts called by install scripts
would have to be written in the Bourne shell too (however, I have reason
to suspect that this is not the case). I did some testing and it turns
out that install scripts are interpreted by /sbin/sh, so if you replace
/sbin/sh with /usr/bin/ksh, your install scripts WILL be interpreted by
the Korn shell instead. But we've already discussed the problems
associated with changing /sbin/sh.

5. Another weird behavior that I encountered recently involves the way
$0 is expanded when you put #!<some shell> at the top of a setuid or
setgid script. Try this yourself and you'll see that instead of
replacing $0 with the name of the file, it's replaced with the pathname
of the shell instead! So now I have to choose: 1) don't use $0 to get
the filename in setuid or setgid scripts; 2) don't create setuid/setgid
shell scripts (and just in case someone is wondering - no, I'm not
creating setuid root shell scripts); or 3) don't put #!<shell> at the
top of the script. I reasoned that if I could guarantee that all scripts
would always be run by the Korn shell instead of the Bourne shell, then
option 3) wouldn't be a bad choice. And what better way to make such a
guarantee than to replace the Bourne shell executables with Korn shell
executables.

6. Many people had strong opinions about what shell root should have. If
you can't mount /usr, and root is using a shell in /usr/bin, then this
may be a problem. Or maybe not, depending on what techniques you can use
to recover in such a situation. For us, we've got backup servers that
can quickly be promoted; the only data we care about is in the database,
which is replicated between two servers and is backed up to tape; we can
rebuild a server in about an hour; and we can also boot from CD and
mount disk devices if we really need to access a filesystem.

John

P.S. In reference to my domain, one respondent guessed correctly - we're
running Solaris on two different platforms: AD450NX and C440GX+, neither
of which is a SPARC.


-----Original Message-----
From: Spurgeon, John P
Sent: Sunday, November 09, 2003 11:23 AM
To: 'sunmanagers@sunmanagers.org'
Subject: replacing the Bourne shell with the Korn shell


In Chapter 10 of "Learning the Korn Shell", Bill Rosenblatt talks about
replacing the Bourne shell with the Korn shell. I'm considering doing
this on a Solaris 7 system as follows:

rm /sbin/sh; cp -p /usr/bin/ksh /sbin/sh
rm /usr/bin/sh; ln /usr/bin/ksh /usr/bin/sh
rm /usr/bin/jsh; ln /usr/bin/ksh /usr/bin/jsh
rm /usr/lib/rsh; ln /usr/bin/ksh /usr/lib/rsh
rm /usr/bin/rsh; ln /usr/bin/ksh /usr/bin/rsh

However, I'm somewhat concerned about /usr/bin/rsh. I can see that
/usr/bin/sh, /usr/bin/jsh, and /usr/lib/rsh are all hard links to the
same program, but /usr/bin/rsh is different. Furthermore, /usr/bin/rsh
is a setuid root program.

Does anyone know why /usr/bin/rsh is different, why it is setuid root,
and what the consequences of replacing the file with /usr/bin/ksh are?

I'm not so concerned about /sbin/sh, because it's not setuid root;
however, it is also different from /usr/bin/sh. I'm curious to know what
the difference is between these two programs as well.

John Spurgeon
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Sun Nov 9 19:41:41 2003

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:21 EST