[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Understanding /root, /usr, /var and so on

On Sun, Mar 26, 2006 at 02:39:51AM -0500, Gene Heskett wrote:
>
> IMO ifconfig is a system function, and the normal user has no need
> for access to it, none, nada, zip.  As the admin, the admin should be
> responsible for that, with those configs locked down for normal users.
>
> Heck, I'm using two subnets here at home with only 3 machines, just
> for that exact reason, seperation of responsibilities.  Call me
> paranoid, but I intend to keep it that way.

Putting files in /sbin rather than /bin doesn't restrict access to them
in any way.  Any user can run programs in /sbin.  Any user can add /sbin
to his PATH.  Also, any user can go to debian.org, download ifconfig,
and install it in his home directory.  Users cannot modify anything with
ifconfig unless they are root; they can only use it to view interfaces.

The only reasons for having a separate /sbin are historical, and even
then they are unclear.  They certainly have nothing to do with security,
which is provided by other means.  Perhaps originally /bin represented
a stable interface for users while /sbin was allowed to be changed by
adminstrators?  *shrug*
Reply to: