If you want to know if it's safe in terms of security risks you can get some idea from Zsh changelog or the CAN-CVE
: Z-shell (no version tag): 12 hits. Last is CVE-2007-6209. GNU Bourne-Again SHell (no version tag): 4 hits. Last one is CVE-2000-1134. Or Secunia.com: Zsh (v4): 1 advisory in 2007. Bash (v3): none. Bash (v2): not listed. If you want to know if it's safe in terms of shell compatibility, Zsh seems Sh (Bourne) and Korn Shell compatible (Zsh FAQ
) (also see Wikipedia shell comparison
and compare to Bourne-Again SHell).
From a traditional (system-centric, architectural, rigid) point of view the root account is not a user account, meaning it's there to sustain system functions. Obviously the only task of the system is to keep the system alive ; -p so anything that potentially damages the system in terms of reliability, stability, continuity should be avoided. Your /usr being part of / is a good point, but from a "best practices" point of view I would suggest leaving the root shell alone. You shouldn't be using the root shell for script developing anyway. While the Zsh site provides coverage for converting from Bash to Zsh, still changing the root account shell to Zsh would mean you would have to review every script (from initscripts to cronjobs to custom scripts) that is executed by root for potential breakage.
Finally, I wouldn't use Zsh for root-executed scripts for fear of getting addicted to Zsh-isms (says someone who knows he should be scripting in Bourne Sh or Heirloom Jsh instead of Bash2). True, not much of a point if you only have to care for one system, but I've found it's a realistic hazard if you need to care for cross-platform compatibility.