Page MenuHomeFreeBSD

sh: Remove /.profile
ClosedPublic

Authored by ivy on Aug 26 2025, 7:05 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Oct 14, 12:11 AM
Unknown Object (File)
Sun, Oct 12, 2:05 PM
Unknown Object (File)
Sun, Oct 12, 2:01 PM
Unknown Object (File)
Fri, Oct 10, 11:22 PM
Unknown Object (File)
Fri, Oct 10, 4:13 PM
Unknown Object (File)
Fri, Oct 10, 4:13 PM
Unknown Object (File)
Fri, Oct 10, 4:13 PM
Unknown Object (File)
Fri, Oct 10, 10:21 AM

Details

Summary

root's home directory was moved to /root many years ago, so there's no
reason to keep this old link. This brings sh in line with csh, where
/.cshrc was removed in dcb65c5a94d4.

As a side-effect, since /.profile doesn't have the @config tag, this
prevents pkgbase upgrades from overwriting /root/.profile.

Relnotes: yes
PR: 289097

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

ivy requested review of this revision.Aug 26 2025, 7:05 AM
This revision is now accepted and ready to land.Aug 26 2025, 7:11 AM

Thanks, people.

Commit log messages for D52161 and D52162 should, please, show:

Reported by: Vivek Khera <vivek at khera.org>

(Nickname: Vick.)

Permission to show his name and email address was granted in private chat a few minutes ago.

rgrimes requested changes to this revision.Aug 26 2025, 7:13 PM
rgrimes added a subscriber: rgrimes.

Note that root does NOT have a home of /root when booted single user. Your going to nuke the environment for root when booted single user.

This revision now requires changes to proceed.Aug 26 2025, 7:13 PM
OK boot -s
Loading kernel...
...
Enter full pathname of shell or RETURN for /bin/sh:
root@:/ # echo $HOME
/root
root@:/ #

Thanks,

… single user.

Is either .cshrc or .profile intended to be effective in this mode?

(I'm blissfully ignorant.)

… single user.

Is either .cshrc or .profile intended to be effective in this mode?

I don't see a reason it should not be.

I tried it on my system (the text block above) and confirmed that sh read /root/.profile when booted in single user mode.

… single user.

Is either .cshrc or .profile intended to be effective in this mode?

I don't see a reason it should not be.

I tried it on my system (the text block above) and confirmed that sh read /root/.profile when booted in single user mode.

I actually can't reproduce that result here. If I remove /.profile and add a SECRETVAR to /root/.profile, it's not populated (and I don't really see where we'd get a $HOME from in init or early /bin/sh)

… single user.

Is either .cshrc or .profile intended to be effective in this mode?

I don't see a reason it should not be.

I tried it on my system (the text block above) and confirmed that sh read /root/.profile when booted in single user mode.

I actually can't reproduce that result here. If I remove /.profile and add a SECRETVAR to /root/.profile, it's not populated (and I don't really see where we'd get a $HOME from in init or early /bin/sh)

First to Ed, did you rm /.profile? As if you read the contents you well see that it SETS /home.

To kevans, thanks that confirms that it was /.profile that set home.

First to Ed, did you rm /.profile? As if you read the contents you well see that it SETS /home.

I should have it removed in this test VM, but I see I do have some extra /bin/sh commits in my tree although just diagnostics I think. With Kyle's check though I imagine there's something unusual in my environment so will check.

… single user.

Is either .cshrc or .profile intended to be effective in this mode?

I don't see a reason it should not be.

I tried it on my system (the text block above) and confirmed that sh read /root/.profile when booted in single user mode.

I actually can't reproduce that result here. If I remove /.profile and add a SECRETVAR to /root/.profile, it's not populated (and I don't really see where we'd get a $HOME from in init or early /bin/sh)

First to Ed, did you rm /.profile? As if you read the contents you well see that it SETS /home.

To kevans, thanks that confirms that it was /.profile that set home.

I think I've seen this (valid) argument from you for removing /.profile twice now, but I don't think I've seen you comment on the reason it is like this: how do you feel about trying to set $HOME in init(8) when we invoke the single-user shell?

jrtc27 (intentionally untagged) notes that there's some precedence in sysvinit's sulogin, and systemd's rescue/emergency services:

We already grab getpwnam("root") in init(8), so it doesn't seem like a stretch or invalid to set $HOME to root's pw_dir if we actually found a pwent to work with.

… single user.

Is either .cshrc or .profile intended to be effective in this mode?

I don't see a reason it should not be.

I tried it on my system (the text block above) and confirmed that sh read /root/.profile when booted in single user mode.

I actually can't reproduce that result here. If I remove /.profile and add a SECRETVAR to /root/.profile, it's not populated (and I don't really see where we'd get a $HOME from in init or early /bin/sh)

First to Ed, did you rm /.profile? As if you read the contents you well see that it SETS /home.

To kevans, thanks that confirms that it was /.profile that set home.

I think I've seen this (valid) argument from you for removing /.profile twice now,

Not that I can recall, but perhaps.

but I don't think I've seen you comment on the reason it is like this: how do you feel about trying to set $HOME in init(8) when we invoke the single-user shell?

I think thats creep of shoving a problem in pkg inability to handle the situation by putting a set of bandaids (removal of /.profile being one, adding setting $HOME to init a second.)

This also removes the "feature" of being able to have the single user /.{profile, csh} NOT links as one might have a lot of stuff added to /root/.profile that just wont be applicable when your booted single user.

IMHO, the bug is caused by pkg not being able to handle a hard linked file, and thats kinda a fundemental unix situation and it should probably learn to handle it.

jrtc27 (intentionally untagged) notes that there's some precedence in sysvinit's sulogin, and systemd's rescue/emergency services:

I don't think Linux ever had /.profile or /.cshrc.

This last one is in a su command, how is that applicable to a single user startup?

We already grab getpwnam("root") in init(8), so it doesn't seem like a stretch or invalid to set $HOME to root's pw_dir if we actually found a pwent to work with.

Be careful about when and where you set $HOME, all decendants of init well inherit that won't they?

but I don't think I've seen you comment on the reason it is like this: how do you feel about trying to set $HOME in init(8) when we invoke the single-user shell?

I think thats creep of shoving a problem in pkg inability to handle the situation by putting a set of bandaids (removal of /.profile being one, adding setting $HOME to init a second.)

I'm viewing this as a question independent of whatever motivated this change.

This also removes the "feature" of being able to have the single user /.{profile, csh} NOT links as one might have a lot of stuff added to /root/.profile that just wont be applicable when your booted single user.

IMHO, the bug is caused by pkg not being able to handle a hard linked file, and thats kinda a fundemental unix situation and it should probably learn to handle it.

jrtc27 (intentionally untagged) notes that there's some precedence in sysvinit's sulogin, and systemd's rescue/emergency services:

I don't think Linux ever had /.profile or /.cshrc.

Sure, but this is more generally about setting $HOME in single-user-ish environments.

This last one is in a su command, how is that applicable to a single user startup?

* sulogin	This program gives Linux machines a reasonable
*		secure way to boot single user. It forces the
*		user to supply the root password before a
*		shell is started.

(s)ingle (u)ser (login) rather than (s)witch (u)ser (login), presumably.

We already grab getpwnam("root") in init(8), so it doesn't seem like a stretch or invalid to set $HOME to root's pw_dir if we actually found a pwent to work with.

Be careful about when and where you set $HOME, all decendants of init well inherit that won't they?

This would be in the post-fork environment specifically for the shell that we start in single-user, so that only propagates to whatever you're running in single-user rather than all descendants of init.

It seems reasonable to me to use .profile and other files from root's home directory in single user mode as well. Having no .profile at all in single user mode would be bad. I don't think special logic in pkg for hard links is worth it for this particular special case.

We already grab getpwnam("root") in init(8), so it doesn't seem like a stretch or invalid to set $HOME to root's pw_dir if we actually found a pwent to work with.

This should probably work the same way as login(1):

  • Change directory (chdir()) to the home directory.
  • If changing directory fails, change to / instead and set HOME=/. In this case, there are unlikely to be any shell or other configuration files.

The linked sulogin code looks up the absolute path of the home or root directory using getcwd() and sets HOME from that; I don't think we should do that. It is more work and resolving a symlink is unlikely to be expected (also because regular logins don't do this).

i've temporarily landed D52161 in main to fix the issue with pkg upgrade. note that the motivation behind this change isn't to workaround a pkg issue, it's to be consistent about where we install shell rc files, given that /.cshrc was already removed. if we want to keep /.profile, then for consistency we also need to revert dcb65c5a94d4c622b1d486847dc20488f59974e7; cc @manu.

however i'd rather not do that. you can't really treat /.profile and /.cshrc as "single user mode root profiles" because users without a home directory also get HOME=/, for example if NFS or autofs are down. so what we actually have is one set of rc files for multi-user root login, and another set for both single-user root login and homeless non-root user login. i'm not convinced this is either useful or intentional.

i would like to land this after D52527, which i believe resolves the issue with single user mode.

jilles added inline comments.
ObsoleteFiles.inc
54–55 ↗(On Diff #160987)

This will make it difficult to have a /.profile locally (since make delete-old will delete it again), but pkgbase will fix that, so I think this is fine as it is.

ObsoleteFiles.inc
54–55 ↗(On Diff #160987)

i may just drop this, since there's no particular need to remove it.

This revision was not accepted when it landed; it landed in state Needs Revision.Tue, Sep 30, 6:04 AM
Closed by commit rGd31e342bcc8e: sh: Remove /.profile (authored by ivy). · Explain Why
This revision was automatically updated to reflect the committed changes.