Use of a bash-static

hput · Apr 20, 2022

I see a bash called 'bash-static' as well as normal bash on pkg searches and wondering about any differences in them. I don't mean like that the static one has everything it needs to run, built in.

I'm more thinking about differences in there behavior or capabilities.

Trying out the static bash I see no differences but my usage is quite unsophisticated. I suspect I would never really notice a
difference .

I'd like to be able to depend on having a shell I'm most familiar with since I'm already a bit confused about what I am doing in freebsd. I mean sort of struggling along as one does with something new. I'm fairly familiar with linux where bash is commonly used and is the default. So I've used it quite a lot.

Anyway, baring some differences that seem important I think I'd like to start using the static version for user and for root.
Assuming that is, if I put a copy in /bin it would be accessible even in non ordinary conditions. Or conditions I might find more difficult than usual.

I'd like to here some opinions about that.

gpw928 · Apr 20, 2022

You answered your own question in the first paragraph. The only difference is that the default bash is dynamically linked, and the static one is statically linked. They both install in /usr/local/bin/bash, so you can have one or the other.

It's rare these days to see /usr mounted as a separate file system. It's almost always a directory in the root. The consequence is that bash and all its shared libraries will be available in the root, even in single user mode. There's no advantage to static linking in this situation. In fact, there is a disadvantage, as you lose the substantial memory savings of dynamic linking.

However, if /usr (and the shared libraries used by bash) are separately mounted, your case to have access to bash in single-user mode is sound. BUT you have to move the statically linked bash into the root.

Moving any binary away from its installed location means that you will then have to curate it manually, and take special note of any security updates. You would probably fail a security audit...

cracauer@ · Apr 28, 2022

I wished for the static one just recently. On an EC2 machine I fatfingered a ports/pkg update and ended up with the dynamically linked bash missing a dynamic library. Since bash is the login shell that made login on my user account fail. Root login was disabled in sshd_config. Ooops. It's outside recovery time.

tingo · Apr 28, 2022

Don't mess around with root's default shell unless you know what you are doing.
The only reason for using bash is for interactive use. How hard is it to type one extra command (# bash) when you need to work interactively with the root account?

cracauer@ · Apr 28, 2022

tingo said:
Don't mess around with root's default shell unless you know what you are doing.
The only reason for using bash is for interactive use. How hard is it to type one extra command (# bash) when you need to work interactively with the root account?

If you are replying to me - the root account had a working shell. But I couldn't use it because root login was turned off in sshd.

That is why disabling my user account disabled the installation.

mer · Apr 28, 2022

Static stuff used to be in /sbin for single user mode, /usr/sbin for multi-user but that convention seems to be not totally enforced anymore.

But as to the original question, gpw928 has it answered. "statically linked" vs "dynamically linked". Functionally the same, but one version is larger because it has everything it needs linked in already.

gpw928 · Apr 29, 2022

cracauer@ said:
That is why disabling my user account disabled the installation.

One of the things I always do when I build a FreeBSD system for my own use is build a static shells/pdksh in the ports tree, install it, move the binary into the root, then uninstall it (leaving the binary ksh still in the root). I have to manually update /etc/shells. I then install ksh from the package, to get the dynamically linked binary, man pages, and what ever else comes with the package.

I do have to watch for major bug fixes, and update /bin/ksh manually, but they are rare.

As noted above, I would probably fail a security audit... but I'm the auditor... and I want a stand-alone shell in the root for me:

Code:

[strand.324] $ grep phil /etc/passwd
phil:*:1001:1001:Phil:/home/phil:/bin/ksh
[strand.325] $ ldd /bin/ksh
ldd: /bin/ksh: not a dynamic ELF executable

I have done some sweating at the console in my time, and when that's happening, I want a shell with which I am completely familiar (and which has no external dependencies).

Alain De Vos · Apr 29, 2022

I have a statistically compiled oksh installed in /bin which is my default shell for the "toor" user.
My "root" shell is zsh (which runs all sh scripts)

heasley · Jan 4, 2024

If you need static utilities (or shell) for a recovery operation, many are in /rescue, including /rescue/sh.

kpedersen · Jan 4, 2024

Weirdly, looking at bash-static, it still pulls in gettext and some other GNU cruft as runtime package dependencies. It did this in the past. I think the port is broken again.