Re: traceroute in /usr/bin, not /usr/sbin

[idalton@ferret.dyndns.org]

On Fri, Jun 15, 2001 at 10:46:43PM +1000, Herbert Xu wrote:
> On Fri, Jun 15, 2001 at 12:58:27PM +0200, Marcelo E. Magallon wrote:
> > 
> >  This is from /sbin on my machine at the moment:
> 
> The only criterion that the FHS has on sbin is:
> 
>        Deciding what things go into "sbin" directories is simple: If a normal
>        (not a system administrator) user will ever run it directly, then it
>        should be placed in one of the "bin" directories.  Ordinary users should
>        not have to place any of the sbin directories in their path.

I transliterate this: If a normal (non-administrative) user has a
generally-valid reason to directly run 'foo', then ....
Unfortunately this runs a little bit into the realm of local security
policy...


> Let's see:
> 
> > MAKEDEV
> > badblocks
> > blockdev
> > cfdisk

cfdisk can be run on user's removable mass-storage device. Zip, jazz, etc.
So should badblocks.

> sbin
[snip]
> > fdisk

So can fdisk. Needs permissions set correctly, but it can be used
by user with machine access.

> sbin
[snip]
> > kbdrate

Useful to any user on the console.

> sbin
[snip]
> > losetup

How does user set up and mount cryptographic fs image without this?

> sbin
[snip]

-- Ferret