Re: traceroute in /usr/bin, not /usr/sbin
On Fri, Jun 15, 2001 at 10:46:43PM +1000, Herbert Xu wrote:
> On Fri, Jun 15, 2001 at 12:58:27PM +0200, Marcelo E. Magallon wrote:
> > This is from /sbin on my machine at the moment:
> The only criterion that the FHS has on sbin is:
> Deciding what things go into "sbin" directories is simple: If a normal
> (not a system administrator) user will ever run it directly, then it
> should be placed in one of the "bin" directories. Ordinary users should
> not have to place any of the sbin directories in their path.
I transliterate this: If a normal (non-administrative) user has a
generally-valid reason to directly run 'foo', then ....
Unfortunately this runs a little bit into the realm of local security
> Let's see:
> > MAKEDEV
> > badblocks
> > blockdev
> > cfdisk
cfdisk can be run on user's removable mass-storage device. Zip, jazz, etc.
So should badblocks.
> > fdisk
So can fdisk. Needs permissions set correctly, but it can be used
by user with machine access.
> > kbdrate
Useful to any user on the console.
> > losetup
How does user set up and mount cryptographic fs image without this?