On Sun, Mar 26, 2006 at 03:22:06AM -0500, Andrew Cady wrote: > On Sun, Mar 26, 2006 at 02:39:51AM -0500, Gene Heskett wrote: > > > > IMO ifconfig is a system function, and the normal user has no need > > for access to it, none, nada, zip. As the admin, the admin should be > > responsible for that, with those configs locked down for normal users. > > > > Heck, I'm using two subnets here at home with only 3 machines, just > > for that exact reason, seperation of responsibilities. Call me > > paranoid, but I intend to keep it that way. > > Putting files in /sbin rather than /bin doesn't restrict access to them > in any way. Any user can run programs in /sbin. Any user can add /sbin > to his PATH. Also, any user can go to debian.org, download ifconfig, > and install it in his home directory. Users cannot modify anything with > ifconfig unless they are root; they can only use it to view interfaces. > > The only reasons for having a separate /sbin are historical, and even > then they are unclear. They certainly have nothing to do with security, > which is provided by other means. Perhaps originally /bin represented > a stable interface for users while /sbin was allowed to be changed by > adminstrators? *shrug* Hi Andrew, my cobwebbed brain always associates 'sbin' with 2 things: statically linked binaries and sysadmin binaries (which maybe statically linked to allow them to be used when you are in runlevel 'S' and only have /root and /) And 'bin' to be user binaries. cheers, Kev -- | .''`. == Debian GNU/Linux == | my web site: | | : :' : The Universal | debian.home.pipeline.com | | `. `' Operating System | go to counter.li.org and | | `- http://www.debian.org/ | be counted! #238656 | | my keysever: pgp.mit.edu | my NPO: cfsg.org |
Attachment:
signature.asc
Description: Digital signature