* Zsh configuration files @ 2008-11-23 12:48 Maurício 2008-11-23 13:03 ` Frank Terbeck 2008-11-23 15:30 ` Richard Hartmann 0 siblings, 2 replies; 11+ messages in thread From: Maurício @ 2008-11-23 12:48 UTC (permalink / raw) To: zsh-users Hi, I've just started using zsh in two computers. I configured zsh in one of them and copied .zshrc and .zcompdump to the other. However, the prompt in the second is different from the first. Are there other configuration files I forgot to copy? Thanks, Maurício ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Zsh configuration files 2008-11-23 12:48 Zsh configuration files Maurício @ 2008-11-23 13:03 ` Frank Terbeck 2008-11-23 15:30 ` Richard Hartmann 1 sibling, 0 replies; 11+ messages in thread From: Frank Terbeck @ 2008-11-23 13:03 UTC (permalink / raw) To: zsh-users Maurício <briqueabraque@yahoo.com>: > I've just started using zsh in two computers. I > configured zsh in one of them and copied .zshrc > and .zcompdump to the other. However, the prompt > in the second is different from the first. Are > there other configuration files I forgot to > copy? You don't need to copy .zcompdump. It's auto-generated. Here is an overview of configuration files read by zsh: <http://zshwiki.org/home/config/files> Regards, Frank -- In protocol design, perfection has been reached not when there is nothing left to add, but when there is nothing left to take away. -- RFC 1925 ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Zsh configuration files 2008-11-23 12:48 Zsh configuration files Maurício 2008-11-23 13:03 ` Frank Terbeck @ 2008-11-23 15:30 ` Richard Hartmann 2008-11-24 1:14 ` Maurício 1 sibling, 1 reply; 11+ messages in thread From: Richard Hartmann @ 2008-11-23 15:30 UTC (permalink / raw) To: Maurício; +Cc: zsh-users On Sun, Nov 23, 2008 at 13:48, Maurício <briqueabraque@yahoo.com> wrote: > I've just started using zsh in two computers. I > configured zsh in one of them and copied .zshrc > and .zcompdump to the other. However, the prompt > in the second is different from the first. Are > there other configuration files I forgot to > copy? Define different. If one has bold colors where the other has light colors, it's a implementation detail of the terminal emulator. Most notably at the moment, Konsole 1.x (KDE 3) employs lighter colors while Konsole 2.x (KDE 4) uses bold. Bold is correct, but many terminals don't adhere to that. Richard ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Zsh configuration files 2008-11-23 15:30 ` Richard Hartmann @ 2008-11-24 1:14 ` Maurício 2008-11-24 22:33 ` Benjamin R. Haskell 0 siblings, 1 reply; 11+ messages in thread From: Maurício @ 2008-11-24 1:14 UTC (permalink / raw) To: zsh-users >> I've just started using zsh in two computers. I >> configured zsh in one of them and copied .zshrc >> and .zcompdump to the other. However, the prompt >> in the second is different from the first. Are >> there other configuration files I forgot to >> copy? > > Define different. If one has bold colors where the > other has light colors, it's a implementation detail > of the terminal emulator. > > Most notably at the moment, Konsole 1.x (KDE 3) > employs lighter colors while Konsole 2.x (KDE 4) > uses bold. Bold is correct, but many terminals > don't adhere to that. > Nothing important, just the prompt in the second computer shows no information (current directory etc.). What matters to me is that, since I keep my configuration under version control, I would like to be sure everything in my user configuration is there. If something remains wrong, I'll try to fix. Thanks, Maurício ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Zsh configuration files 2008-11-24 1:14 ` Maurício @ 2008-11-24 22:33 ` Benjamin R. Haskell 2008-11-25 17:10 ` Allan Caffee 0 siblings, 1 reply; 11+ messages in thread From: Benjamin R. Haskell @ 2008-11-24 22:33 UTC (permalink / raw) To: Zsh Users [-- Attachment #1: Type: TEXT/PLAIN, Size: 3783 bytes --] On Sun, 23 Nov 2008, Maurício wrote: >>> I've just started using zsh in two computers. I >>> configured zsh in one of them and copied .zshrc >>> and .zcompdump to the other. However, the prompt >>> in the second is different from the first. Are >>> there other configuration files I forgot to >>> copy? >> >> Define different. If one has bold colors where the >> other has light colors, it's a implementation detail >> of the terminal emulator. >> >> Most notably at the moment, Konsole 1.x (KDE 3) >> employs lighter colors while Konsole 2.x (KDE 4) >> uses bold. Bold is correct, but many terminals >> don't adhere to that. >> > > Nothing important, just the prompt in the second > computer shows no information (current directory > etc.). > > What matters to me is that, since I keep my > configuration under version control, I would like > to be sure everything in my user configuration is > there. If something remains wrong, I'll try to fix. > > Thanks, > Maurício Hi Maurício -- Nice to see you here. Long ago, I set some things up for easily sharing my Zsh startup scripts between various computers I use. I did most of this when I was still fairly new to Zsh, so some things might have easier/better ways to do them, but this is how I set mine up. Some features: 1. Automatically runs any files matching .zsh_* in my home dir, excluding vim swap files 2. For running as root, I can just link my normal-user .zshrc and .zshenv files, and it'll detect that they're linked, and use the .zsh_* files from my normal-user directory 3. To override things in the .zsh_* files, I also have .zsh_*- files. (e.g. .zsh_prompt, for general prompt setup, and .zsh_prompt- for system-specific) 4. On some systems, I don't have 'list' access to my actual home dir until I get my AFS tokens, so I read the list of .zsh_* files from ~/.ZSHFILES Here's the section from my .zshrc that handles all this: ##### at the end of my .zshrc ##### # three dirs to check by default dirs=(~/.zsh-scripts ~ ~/.zsh-scripts-) # if this .zshrc is a symlink, use its directory, too SCRIPT=${(%)${:-%N}} if [ -L $SCRIPT ] ; then SCRIPT=$(readlink $SCRIPT) dirs+=($SCRIPT:h) fi for dir in $dirs ; do [ ! -d $dir ] && continue setopt nullglob pushd $dir files=(.zshrc-) if [ -f .ZSHFILES ] ; then files=($files `cat .ZSHFILES`) else files=($files *zsh_*~*.swp~*.zsh_history) fi for file in $files ; [ -r $file ] && source $file popd setopt nonullglob done ##### .zshrc ##### So, in my Mercurial repository, I have the following files: .zsh_aliases .zsh_aliases- .zsh_bluetooth- .zsh_colors .zsh_completion- .zsh_functions .zsh_functions- .zsh_gpg- .zsh_history_setup .zsh_locale .zsh_make_backups- .zsh_math .zsh_prompt .zsh_prompt- .zsh_screen .zsh_ssh .zsh_svn_backup .zshenv .zshenv- .zshrc .zshreminder But, I only really keep these versioned for my 'main' computer. For any other computers I use, I have a script that packages up the ones that aren't machine-specific and dumps it onto my web server. So, when I start using Zsh on a new computer I can do: wget -O - http://benizi.com/zsh.tbz2 | tar -jxvf - # (Nothing sensitive -- that's the actual URL.) .screenrc .vimrc .zsh_aliases .zsh_colors .zsh_functions .zsh_history_setup .zsh_locale .zsh_math .zsh_prompt .zsh_screen .zsh_ssh .zshenv .zshrc Usually the only thing I immediately add is: echo 'PSCOLOR=$BLUE' > ~/.zsh_prompt- (I find it helpful to have different machines' prompts colored differently. PSCOLOR is something used in .zsh_prompt) (Maurício -- The functions I mentioned on the mlterm list are spread across .zsh_prompt and .zsh_colors ) Best, Ben ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Zsh configuration files 2008-11-24 22:33 ` Benjamin R. Haskell @ 2008-11-25 17:10 ` Allan Caffee 2008-11-25 18:26 ` (OT?) " Benjamin R. Haskell 2008-11-25 18:32 ` Peter Stephenson 0 siblings, 2 replies; 11+ messages in thread From: Allan Caffee @ 2008-11-25 17:10 UTC (permalink / raw) To: Zsh Users On Mon, Nov 24, 2008 at 5:33 PM, Benjamin R. Haskell <zsh@benizi.com> wrote: > Long ago, I set some things up for easily sharing my Zsh startup scripts > between various computers I use. I did most of this when I was still fairly > new to Zsh, so some things might have easier/better ways to do them, but > this is how I set mine up. Some features: > > 1. Automatically runs any files matching .zsh_* in my home dir, excluding > vim swap files > > 2. For running as root, I can just link my normal-user .zshrc and .zshenv > files, and it'll detect that they're linked, and use the .zsh_* files from > my normal-user directory That sounds really dangerous. You're offering a hook for someone to execute arbitrary code as root. If someone breaks your user account they could for example add a file in your home directory that resets the root password or does some other really mean things. If you want root to have the same setup as your regular user you should put it somewhere that only root can write. Other than that I have a very familiar setup with Zsh initialization files contained in a Git repository in /usr/local/etc/zsh so that I can keep changes logged and synced between separate systems. Regards, Allan ^ permalink raw reply [flat|nested] 11+ messages in thread
* (OT?) Re: Zsh configuration files 2008-11-25 17:10 ` Allan Caffee @ 2008-11-25 18:26 ` Benjamin R. Haskell 2008-11-25 18:50 ` Matt Wozniski 2008-11-25 18:32 ` Peter Stephenson 1 sibling, 1 reply; 11+ messages in thread From: Benjamin R. Haskell @ 2008-11-25 18:26 UTC (permalink / raw) To: Zsh Users On Tue, 25 Nov 2008, Allan Caffee wrote: > On Mon, Nov 24, 2008 at 5:33 PM, Benjamin R. Haskell <zsh@benizi.com> wrote: > >> Long ago, I set some things up for easily sharing my Zsh startup >> scripts between various computers I use. I did most of this when I was >> still fairly new to Zsh, so some things might have easier/better ways >> to do them, but this is how I set mine up. Some features: >> >> 1. Automatically runs any files matching .zsh_* in my home dir, >> excluding vim swap files >> >> 2. For running as root, I can just link my normal-user .zshrc and >> .zshenv files, and it'll detect that they're linked, and use the .zsh_* >> files from my normal-user directory > > That sounds really dangerous. You're offering a hook for someone to > execute arbitrary code as root. If someone breaks your user account > they could for example add a file in your home directory that resets the > root password or does some other really mean things. If you want root > to have the same setup as your regular user you should put it somewhere > that only root can write. I was thinking about that as I posted to the list, and since you pointed it out, maybe I'll get some general feedback... (sorry if this is too off-topic) Like many users (I suspect), most of the systems I'm talking about here are essentially single-user systems. I log in under a normal user account, but the only reason not to log in as root is 'rm -rf /' protection. (i.e. so as to not cause unintentional damage.) On other systems, either: 1) I don't have root access, so this doesn't apply 2) The systems are properly secured (running/behind a firewall, non-essential services are off, passwords are strong, system is kept up-to-date, and I only ever log in to my normal account via SSH with keys) [modulo, of course, this discussion] Am I really setting myself up for badness via this automated .zsh_* stuff? And even beyond those reasons... I always got the impression that someone capable of using exploit X to break into a normal user's account had a pretty low barrier to using exploit Y to elevate their privileges to root. Is that not generally the case? [i.e. a system is only secure as its least secure user] Best, Ben ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: (OT?) Re: Zsh configuration files 2008-11-25 18:26 ` (OT?) " Benjamin R. Haskell @ 2008-11-25 18:50 ` Matt Wozniski 0 siblings, 0 replies; 11+ messages in thread From: Matt Wozniski @ 2008-11-25 18:50 UTC (permalink / raw) To: zsh-users On Tue, Nov 25, 2008 at 1:26 PM, Benjamin R. Haskellwrote: > On Tue, 25 Nov 2008, Allan Caffee wrote: > >> On Mon, Nov 24, 2008 at 5:33 PM, Benjamin R. Haskell >> wrote: >> >>> Long ago, I set some things up for easily sharing my Zsh startup scripts >>> between various computers I use. I did most of this when I was still fairly >>> new to Zsh, so some things might have easier/better ways to do them, but >>> this is how I set mine up. Some features: >>> >>> 1. Automatically runs any files matching .zsh_* in my home dir, excluding >>> vim swap files >>> >>> 2. For running as root, I can just link my normal-user .zshrc and .zshenv >>> files, and it'll detect that they're linked, and use the .zsh_* files from >>> my normal-user directory >> >> That sounds really dangerous. You're offering a hook for someone to >> execute arbitrary code as root. If someone breaks your user account they >> could for example add a file in your home directory that resets the root >> password or does some other really mean things. If you want root to have >> the same setup as your regular user you should put it somewhere that only >> root can write. > > I was thinking about that as I posted to the list, and since you pointed it > out, maybe I'll get some general feedback... (sorry if this is too > off-topic) > > Like many users (I suspect), most of the systems I'm talking about here are > essentially single-user systems. I log in under a normal user account, but > the only reason not to log in as root is 'rm -rf /' protection. (i.e. so as > to not cause unintentional damage.) On other systems, either: > > 1) I don't have root access, so this doesn't apply > > 2) The systems are properly secured (running/behind a firewall, > non-essential services are off, passwords are strong, system is kept > up-to-date, and I only ever log in to my normal account via SSH with keys) > [modulo, of course, this discussion] > > Am I really setting myself up for badness via this automated .zsh_* stuff? Yes. Automatically running code as root that can be written by a regular user is a very bad idea. > And even beyond those reasons... I always got the impression that someone > capable of using exploit X to break into a normal user's account had a > pretty low barrier to using exploit Y to elevate their privileges to root. > Is that not generally the case? [i.e. a system is only secure as its least > secure user] That's not really true at all. It's much harder to get root privileges with a user regular account than to break into the system... and with a setup like yours, you make it much much easier for someone to run arbitrary code as root, and compromise the system entirely. The fact that extracting a tarball in $HOME that extracts a (hidden!) file name .zsh_* can cause a script to be run as root that can do anything at all to the system is very, very bad. ~Matt ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Zsh configuration files 2008-11-25 17:10 ` Allan Caffee 2008-11-25 18:26 ` (OT?) " Benjamin R. Haskell @ 2008-11-25 18:32 ` Peter Stephenson 2008-11-25 18:57 ` Matt Wozniski 1 sibling, 1 reply; 11+ messages in thread From: Peter Stephenson @ 2008-11-25 18:32 UTC (permalink / raw) To: Zsh Users On Tue, 25 Nov 2008 12:10:43 -0500 "Allan Caffee" <allan.caffee@gmail.com> wrote: > > 2. For running as root, I can just link my normal-user .zshrc and .zshenv > > files, and it'll detect that they're linked, and use the .zsh_* files from > > my normal-user directory > > That sounds really dangerous. You're offering a hook for someone to > execute arbitrary code as root. If someone breaks your user account > they could for example add a file in your home directory that resets > the root password or does some other really mean things. If you want > root to have the same setup as your regular user you should put it > somewhere that only root can write. It's probably worth pointing out that if you use sudo, as many people do (it's the normal method of accessing root in a lot of places), then it will usually execute your own start up files: the shell starts up essentially as for the user, except with UID 0. Furthermore, the password for accessing root in this case is the same as the user's own. So it seems a lot of people aren't too worried about this aspect. They probably tend not to be sites accesible by the general public. -- Peter Stephenson <pws@csr.com> Software Engineer CSR PLC, Churchill House, Cambridge Business Park, Cowley Road Cambridge, CB4 0WZ, UK Tel: +44 (0)1223 692070 ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Zsh configuration files 2008-11-25 18:32 ` Peter Stephenson @ 2008-11-25 18:57 ` Matt Wozniski 2008-11-26 1:50 ` Richard Hartmann 0 siblings, 1 reply; 11+ messages in thread From: Matt Wozniski @ 2008-11-25 18:57 UTC (permalink / raw) To: zsh-users On Tue, Nov 25, 2008 at 1:32 PM, Peter Stephenson wrote: > On Tue, 25 Nov 2008 12:10:43 -0500 > "Allan Caffee" wrote: >> > 2. For running as root, I can just link my normal-user .zshrc and .zshenv >> > files, and it'll detect that they're linked, and use the .zsh_* files from >> > my normal-user directory >> >> That sounds really dangerous. You're offering a hook for someone to >> execute arbitrary code as root. If someone breaks your user account >> they could for example add a file in your home directory that resets >> the root password or does some other really mean things. If you want >> root to have the same setup as your regular user you should put it >> somewhere that only root can write. > > It's probably worth pointing out that if you use sudo, as many people do > (it's the normal method of accessing root in a lot of places), then it will > usually execute your own start up files: the shell starts up essentially as > for the user, except with UID 0. Furthermore, the password for accessing > root in this case is the same as the user's own. So it seems a lot of > people aren't too worried about this aspect. They probably tend not to be > sites accesible by the general public. "sudo", by default, doesn't start a root shell, and therefore doesn't run shell rc's by default. You can force it to, of course, with something like "sudo -s", but that's not the right way to get a root shell using sudo; you should instead use 'sudo -i' - which changes $HOME and runs the shell specified for the user being switched to in /etc/passwd... And there's no loss of security from allowing users to change to the root account with their own password; though of course sudo can be configured to use the root password instead of the user password... ~Matt ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Zsh configuration files 2008-11-25 18:57 ` Matt Wozniski @ 2008-11-26 1:50 ` Richard Hartmann 0 siblings, 0 replies; 11+ messages in thread From: Richard Hartmann @ 2008-11-26 1:50 UTC (permalink / raw) To: Matt Wozniski; +Cc: zsh-users On Tue, Nov 25, 2008 at 19:57, Matt Wozniski <godlygeek@gmail.com> wrote: > And there's no loss of security from allowing users to > change to the root account with their own password Of course there is: You only need to crack/steal/sniff one password.instead of two. Also, with a root shell, you know that you need to secure it. That might not be the case for sudo with magic cookie. Basically, sudo was never intended to be run with ALL=(ALL) ALL for every single user on the system. Richard ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2008-11-26 1:50 UTC | newest] Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2008-11-23 12:48 Zsh configuration files Maurício 2008-11-23 13:03 ` Frank Terbeck 2008-11-23 15:30 ` Richard Hartmann 2008-11-24 1:14 ` Maurício 2008-11-24 22:33 ` Benjamin R. Haskell 2008-11-25 17:10 ` Allan Caffee 2008-11-25 18:26 ` (OT?) " Benjamin R. Haskell 2008-11-25 18:50 ` Matt Wozniski 2008-11-25 18:32 ` Peter Stephenson 2008-11-25 18:57 ` Matt Wozniski 2008-11-26 1:50 ` Richard Hartmann
Code repositories for project(s) associated with this public inbox https://git.vuxu.org/mirror/zsh/ This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).