PATH after creating .bashrc

Brandon S Allbery KF8NH allbery at kf8nh.com
Sun Sep 12 19:17:51 PDT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 9/12/10 22:08 , John B Brown wrote:
>     Wouldn't using .bashrc for it's original purpose be desirable? It was a
> method of removing dangerous abilities from remote users; hence the rc,
> short for remote commands. Isn't .bashrc the place to put the detection and
> restriction of remote access.

Uh, what?  "rc" means "run commands". The convention wasn't invented by the
bash developers; it originated back before anyone much cared about network
security (or indeed networks; 7th Research Edition Unix had no networking
capabilities, but the "rc" convention was already well established).

Moreover, if network/remote access control hasn't taken place by the time
your shell starts up, you're already in a very bad place.  (See also the old
r-commands, and why nobody used the "restricted shell" mode in /bin/sh and
the capability was eventually removed.)

(It's also worth noting that a script that by design is not run in login
shells by default is a really poor place to put restrictions on said login
shell.)

.bashrc, following the convention, is Run Commands on normal shell startup.
.profile / .bash_profile, by convention from 7th Research Edition /bin/sh,
is run by login shells.  .bashrc is long predated by .cshrc, which serves
the same function in csh and was implemented some 15 years before bash was
written.

- -- 
brandon s. allbery     [linux,solaris,freebsd,perl]      allbery at kf8nh.com
system administrator  [openafs,heimdal,too many hats]  allbery at ece.cmu.edu
electrical and computer engineering, carnegie mellon university      KF8NH
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkyNic8ACgkQIn7hlCsL25VthwCeP1hdS8wOgCr/n+bv6pmiHlUQ
kDQAnRz5hiGWupoYxz+OM63ZZCRjoDnA
=5JsS
-----END PGP SIGNATURE-----


More information about the macports-users mailing list