[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: traceroute in /usr/bin, not /usr/sbin

On Fri, Jun 15, 2001 at 10:46:43PM +1000, Herbert Xu wrote:
> On Fri, Jun 15, 2001 at 12:58:27PM +0200, Marcelo E. Magallon wrote:
> > 
> >  This is from /sbin on my machine at the moment:
> The only criterion that the FHS has on sbin is:
>        Deciding what things go into "sbin" directories is simple: If a normal
>        (not a system administrator) user will ever run it directly, then it
>        should be placed in one of the "bin" directories.  Ordinary users should
>        not have to place any of the sbin directories in their path.

I transliterate this: If a normal (non-administrative) user has a
generally-valid reason to directly run 'foo', then ....
Unfortunately this runs a little bit into the realm of local security

> Let's see:
> > badblocks
> > blockdev
> > cfdisk

cfdisk can be run on user's removable mass-storage device. Zip, jazz, etc.
So should badblocks.

> sbin
> > fdisk

So can fdisk. Needs permissions set correctly, but it can be used
by user with machine access.

> sbin
> > kbdrate

Useful to any user on the console.

> sbin
> > losetup

How does user set up and mount cryptographic fs image without this?

> sbin

-- Ferret

Reply to: