Paul Morgan wrote:
The key in any case is to protect your /usr/local... from anyone exceptroot writing to it, and also not to put current directory in root's path.
Excellent idea. Too bad debian doesn't do that out of the box.
/usr/local... doesn't exist so non-admins can put commands in there; they should be putting them in somewhere in their /home or in their apps directories.
I think the point here is that the default debian install leaves /usr/local/bin writable by group staff. This is an easy privilege escalation route, if someone gets a staff group account and drops replacement executables in /usr/local/bin.
From the debian reference, section 9.2.3: "staff membership is useful for helpdesk types or junior sysadmins, giving them the ability to do things in /usr/local and to create directories in /home" -- would you trust them with root?
No, root shouldn't have /usr/local/[s]bin in its path before the standard directories. If root wants customised binaries that override system standard ones, he should customise his path himself to include /root/bin and make sure no-one else has write access to it. You could probably make a case for root not having *any* directories *anywhere* in its path that are writable by anyone other than root.
Randy