Zsh configuration files

Zsh configuration files

[Maurí­cio]

Hi,

I've just started using zsh in two computers. I
configured zsh in one of them and copied .zshrc
and .zcompdump to the other. However, the prompt
in the second is different from the first. Are
there other configuration files I forgot to
copy?

Thanks,
Maurício

Re: Zsh configuration files

[Frank Terbeck]

Maurí­cio <briqueabraque@yahoo.com>:
> I've just started using zsh in two computers. I
> configured zsh in one of them and copied .zshrc
> and .zcompdump to the other. However, the prompt
> in the second is different from the first. Are
> there other configuration files I forgot to
> copy?

You don't need to copy .zcompdump. It's auto-generated.

Here is an overview of configuration files read by zsh:
    <http://zshwiki.org/home/config/files>

Regards, Frank

-- 
In protocol design, perfection has been reached not when there is
nothing left to add, but when there is nothing left to take away.
                                                  -- RFC 1925

Re: Zsh configuration files

[Richard Hartmann]

On Sun, Nov 23, 2008 at 13:48, Maurí­cio <briqueabraque@yahoo.com> wrote:

> I've just started using zsh in two computers. I
> configured zsh in one of them and copied .zshrc
> and .zcompdump to the other. However, the prompt
> in the second is different from the first. Are
> there other configuration files I forgot to
> copy?

Define different. If one has bold colors where the
other has light colors, it's a implementation detail
of the terminal emulator.

Most notably at the moment, Konsole 1.x (KDE 3)
employs lighter colors while Konsole 2.x (KDE 4)
uses bold. Bold is correct, but many terminals
don't adhere to that.


Richard

Re: Zsh configuration files

[Maurí­cio]

>> I've just started using zsh in two computers. I
>> configured zsh in one of them and copied .zshrc
>> and .zcompdump to the other. However, the prompt
>> in the second is different from the first. Are
>> there other configuration files I forgot to
>> copy?
> 
> Define different. If one has bold colors where the
> other has light colors, it's a implementation detail
> of the terminal emulator.
> 
> Most notably at the moment, Konsole 1.x (KDE 3)
> employs lighter colors while Konsole 2.x (KDE 4)
> uses bold. Bold is correct, but many terminals
> don't adhere to that.
> 

Nothing important, just the prompt in the second
computer shows no information (current directory
etc.).

What matters to me is that, since I keep my
configuration under version control, I would like
to be sure everything in my user configuration is
there. If something remains wrong, I'll try to fix.

Thanks,
Maurício

Re: Zsh configuration files

[Benjamin R. Haskell]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 3783 bytes --]

On Sun, 23 Nov 2008, Maurí­cio wrote:

>>> I've just started using zsh in two computers. I
>>> configured zsh in one of them and copied .zshrc
>>> and .zcompdump to the other. However, the prompt
>>> in the second is different from the first. Are
>>> there other configuration files I forgot to
>>> copy?
>> 
>> Define different. If one has bold colors where the
>> other has light colors, it's a implementation detail
>> of the terminal emulator.
>> 
>> Most notably at the moment, Konsole 1.x (KDE 3)
>> employs lighter colors while Konsole 2.x (KDE 4)
>> uses bold. Bold is correct, but many terminals
>> don't adhere to that.
>> 
>
> Nothing important, just the prompt in the second
> computer shows no information (current directory
> etc.).
>
> What matters to me is that, since I keep my
> configuration under version control, I would like
> to be sure everything in my user configuration is
> there. If something remains wrong, I'll try to fix.
>
> Thanks,
> Maurício

Hi Maurício --

Nice to see you here.

Long ago, I set some things up for easily sharing my Zsh startup scripts 
between various computers I use. I did most of this when I was still 
fairly new to Zsh, so some things might have easier/better ways to do 
them, but this is how I set mine up. Some features:

1. Automatically runs any files matching .zsh_* in my home dir, excluding 
vim swap files

2. For running as root, I can just link my normal-user .zshrc and .zshenv 
files, and it'll detect that they're linked, and use the .zsh_* files from 
my normal-user directory

3. To override things in the .zsh_* files, I also have .zsh_*- files.
  (e.g. .zsh_prompt, for general prompt setup, and .zsh_prompt- for 
system-specific)

4. On some systems, I don't have 'list' access to my actual home dir 
until I get my AFS tokens, so I read the list of .zsh_* files from 
~/.ZSHFILES



Here's the section from my .zshrc that handles all this:

##### at the end of my .zshrc #####
# three dirs to check by default
dirs=(~/.zsh-scripts ~ ~/.zsh-scripts-)

# if this .zshrc is a symlink, use its directory, too
SCRIPT=${(%)${:-%N}}
if [ -L $SCRIPT ] ; then
         SCRIPT=$(readlink $SCRIPT)
         dirs+=($SCRIPT:h)
fi
for dir in $dirs ; do
         [ ! -d $dir ] && continue
         setopt nullglob
         pushd $dir
         files=(.zshrc-)
         if [ -f .ZSHFILES ] ; then
                 files=($files `cat .ZSHFILES`)
         else
                 files=($files *zsh_*~*.swp~*.zsh_history)
         fi
         for file in $files ; [ -r $file ] && source $file
         popd
         setopt nonullglob
done
##### .zshrc #####


So, in my Mercurial repository, I have the following files:

.zsh_aliases
.zsh_aliases-
.zsh_bluetooth-
.zsh_colors
.zsh_completion-
.zsh_functions
.zsh_functions-
.zsh_gpg-
.zsh_history_setup
.zsh_locale
.zsh_make_backups-
.zsh_math
.zsh_prompt
.zsh_prompt-
.zsh_screen
.zsh_ssh
.zsh_svn_backup
.zshenv
.zshenv-
.zshrc
.zshreminder

But, I only really keep these versioned for my 'main' computer. For any 
other computers I use, I have a script that packages up the ones that 
aren't machine-specific and dumps it onto my web server. So, when I start 
using Zsh on a new computer I can do:

wget -O - http://benizi.com/zsh.tbz2 | tar -jxvf -
# (Nothing sensitive -- that's the actual URL.)

.screenrc
.vimrc
.zsh_aliases
.zsh_colors
.zsh_functions
.zsh_history_setup
.zsh_locale
.zsh_math
.zsh_prompt
.zsh_screen
.zsh_ssh
.zshenv
.zshrc

Usually the only thing I immediately add is:

echo 'PSCOLOR=$BLUE' > ~/.zsh_prompt-
(I find it helpful to have different machines' prompts colored 
differently. PSCOLOR is something used in .zsh_prompt)

(Maurício -- The functions I mentioned on the mlterm list are spread 
across .zsh_prompt and .zsh_colors )

Best,
Ben

Re: Zsh configuration files

[Allan Caffee]

On Mon, Nov 24, 2008 at 5:33 PM, Benjamin R. Haskell <zsh@benizi.com> wrote:

> Long ago, I set some things up for easily sharing my Zsh startup scripts
> between various computers I use. I did most of this when I was still fairly
> new to Zsh, so some things might have easier/better ways to do them, but
> this is how I set mine up. Some features:
>
> 1. Automatically runs any files matching .zsh_* in my home dir, excluding
> vim swap files
>
> 2. For running as root, I can just link my normal-user .zshrc and .zshenv
> files, and it'll detect that they're linked, and use the .zsh_* files from
> my normal-user directory

That sounds really dangerous.  You're offering a hook for someone to
execute arbitrary code as root.  If someone breaks your user account
they could for example add a file in your home directory that resets
the root password or does some other really mean things.  If you want
root to have the same setup as your regular user you should put it
somewhere that only root can write.

Other than that I have a very familiar setup with Zsh initialization
files contained in a Git repository in /usr/local/etc/zsh so that I
can keep changes logged and synced between separate systems.

Regards,
Allan

(OT?) Re: Zsh configuration files

[Benjamin R. Haskell]

On Tue, 25 Nov 2008, Allan Caffee wrote:

> On Mon, Nov 24, 2008 at 5:33 PM, Benjamin R. Haskell <zsh@benizi.com> wrote:
>
>> Long ago, I set some things up for easily sharing my Zsh startup 
>> scripts between various computers I use. I did most of this when I was 
>> still fairly new to Zsh, so some things might have easier/better ways 
>> to do them, but this is how I set mine up. Some features:
>>
>> 1. Automatically runs any files matching .zsh_* in my home dir, 
>> excluding vim swap files
>>
>> 2. For running as root, I can just link my normal-user .zshrc and 
>> .zshenv files, and it'll detect that they're linked, and use the .zsh_* 
>> files from my normal-user directory
>
> That sounds really dangerous.  You're offering a hook for someone to 
> execute arbitrary code as root.  If someone breaks your user account 
> they could for example add a file in your home directory that resets the 
> root password or does some other really mean things.  If you want root 
> to have the same setup as your regular user you should put it somewhere 
> that only root can write.

I was thinking about that as I posted to the list, and since you pointed 
it out, maybe I'll get some general feedback... (sorry if this is too 
off-topic)

Like many users (I suspect), most of the systems I'm talking about here 
are essentially single-user systems. I log in under a normal user account, 
but the only reason not to log in as root is 'rm -rf /' protection. (i.e. 
so as to not cause unintentional damage.) On other systems, either:

1) I don't have root access, so this doesn't apply

2) The systems are properly secured (running/behind a firewall, 
non-essential services are off, passwords are strong, system is kept 
up-to-date, and I only ever log in to my normal account via SSH with keys) 
[modulo, of course, this discussion]

Am I really setting myself up for badness via this automated .zsh_* stuff?

And even beyond those reasons... I always got the impression that someone 
capable of using exploit X to break into a normal user's account had a 
pretty low barrier to using exploit Y to elevate their privileges to root. 
Is that not generally the case? [i.e. a system is only secure as its least 
secure user]

Best,
Ben

Re: Zsh configuration files

[Peter Stephenson]

On Tue, 25 Nov 2008 12:10:43 -0500
"Allan Caffee" <allan.caffee@gmail.com> wrote:
> > 2. For running as root, I can just link my normal-user .zshrc and .zshenv
> > files, and it'll detect that they're linked, and use the .zsh_* files from
> > my normal-user directory
> 
> That sounds really dangerous.  You're offering a hook for someone to
> execute arbitrary code as root.  If someone breaks your user account
> they could for example add a file in your home directory that resets
> the root password or does some other really mean things.  If you want
> root to have the same setup as your regular user you should put it
> somewhere that only root can write.

It's probably worth pointing out that if you use sudo, as many people do
(it's the normal method of accessing root in a lot of places), then it will
usually execute your own start up files: the shell starts up essentially as
for the user, except with UID 0.  Furthermore, the password for accessing
root in this case is the same as the user's own.  So it seems a lot of
people aren't too worried about this aspect.  They probably tend not to be
sites accesible by the general public.

-- 
Peter Stephenson <pws@csr.com>                  Software Engineer
CSR PLC, Churchill House, Cambridge Business Park, Cowley Road
Cambridge, CB4 0WZ, UK                          Tel: +44 (0)1223 692070

Re: (OT?) Re: Zsh configuration files

[Matt Wozniski]

On Tue, Nov 25, 2008 at 1:26 PM, Benjamin R. Haskellwrote:
> On Tue, 25 Nov 2008, Allan Caffee wrote:
>
>> On Mon, Nov 24, 2008 at 5:33 PM, Benjamin R. Haskell
>> wrote:
>>
>>> Long ago, I set some things up for easily sharing my Zsh startup scripts
>>> between various computers I use. I did most of this when I was still fairly
>>> new to Zsh, so some things might have easier/better ways to do them, but
>>> this is how I set mine up. Some features:
>>>
>>> 1. Automatically runs any files matching .zsh_* in my home dir, excluding
>>> vim swap files
>>>
>>> 2. For running as root, I can just link my normal-user .zshrc and .zshenv
>>> files, and it'll detect that they're linked, and use the .zsh_* files from
>>> my normal-user directory
>>
>> That sounds really dangerous.  You're offering a hook for someone to
>> execute arbitrary code as root.  If someone breaks your user account they
>> could for example add a file in your home directory that resets the root
>> password or does some other really mean things.  If you want root to have
>> the same setup as your regular user you should put it somewhere that only
>> root can write.
>
> I was thinking about that as I posted to the list, and since you pointed it
> out, maybe I'll get some general feedback... (sorry if this is too
> off-topic)
>
> Like many users (I suspect), most of the systems I'm talking about here are
> essentially single-user systems. I log in under a normal user account, but
> the only reason not to log in as root is 'rm -rf /' protection. (i.e. so as
> to not cause unintentional damage.) On other systems, either:
>
> 1) I don't have root access, so this doesn't apply
>
> 2) The systems are properly secured (running/behind a firewall,
> non-essential services are off, passwords are strong, system is kept
> up-to-date, and I only ever log in to my normal account via SSH with keys)
> [modulo, of course, this discussion]
>
> Am I really setting myself up for badness via this automated .zsh_* stuff?

Yes.  Automatically running code as root that can be written by a
regular user is a very bad idea.

> And even beyond those reasons... I always got the impression that someone
> capable of using exploit X to break into a normal user's account had a
> pretty low barrier to using exploit Y to elevate their privileges to root.
> Is that not generally the case? [i.e. a system is only secure as its least
> secure user]

That's not really true at all.  It's much harder to get root
privileges with a user regular account than to break into the
system...  and with a setup like yours, you make it much much easier
for someone to run arbitrary code as root, and compromise the system
entirely.  The fact that extracting a tarball in $HOME that extracts a
(hidden!) file name .zsh_* can cause a script to be run as root that
can do anything at all to the system is very, very bad.

~Matt

Re: Zsh configuration files

[Matt Wozniski]

On Tue, Nov 25, 2008 at 1:32 PM, Peter Stephenson wrote:
> On Tue, 25 Nov 2008 12:10:43 -0500
> "Allan Caffee" wrote:
>> > 2. For running as root, I can just link my normal-user .zshrc and .zshenv
>> > files, and it'll detect that they're linked, and use the .zsh_* files from
>> > my normal-user directory
>>
>> That sounds really dangerous.  You're offering a hook for someone to
>> execute arbitrary code as root.  If someone breaks your user account
>> they could for example add a file in your home directory that resets
>> the root password or does some other really mean things.  If you want
>> root to have the same setup as your regular user you should put it
>> somewhere that only root can write.
>
> It's probably worth pointing out that if you use sudo, as many people do
> (it's the normal method of accessing root in a lot of places), then it will
> usually execute your own start up files: the shell starts up essentially as
> for the user, except with UID 0.  Furthermore, the password for accessing
> root in this case is the same as the user's own.  So it seems a lot of
> people aren't too worried about this aspect.  They probably tend not to be
> sites accesible by the general public.

"sudo", by default, doesn't start a root shell, and therefore doesn't
run shell rc's by default.  You can force it to, of course, with
something like "sudo -s", but that's not the right way to get a root
shell using sudo; you should instead use 'sudo -i' - which changes
$HOME and runs the shell specified for the user being switched to in
/etc/passwd...  And there's no loss of security from allowing users to
change to the root account with their own password; though of course
sudo can be configured to use the root password instead of the user
password...

~Matt

Re: Zsh configuration files

[Richard Hartmann]

On Tue, Nov 25, 2008 at 19:57, Matt Wozniski <godlygeek@gmail.com> wrote:

> And there's no loss of security from allowing users to
> change to the root account with their own password

Of course there is: You only need to crack/steal/sniff
one password.instead of two.
Also, with a root shell, you know that you need to
secure it. That might not be the case for sudo with
magic cookie.

Basically, sudo was never intended to be run with
ALL=(ALL) ALL for every single user on the system.


Richard