On Sun, Dec 17, 2006 at 01:10:30PM +0000, Brad Rogers wrote:
On Sun, 17 Dec 2006 04:56:30 -0800
Freddy Freeloader <fredddy@cableone.net> wrote:
Hello Freddy,
all aspects of the tools available, but all users still have execute
permissions there.
Why is this done? I can't really see a good reason for it. What am
I missing?
I can't answer your query as such. However, you are aware, I hope,
that not all users have /sbin in their $PATH? So, even though all
users have execute permission, not all users can get at the directory,
anyway.
You don't need a program in your path to execute it.
Check out the debian-policy manual and the harden-doc package. This is
addressed somewhere I just can't remember where. It made sense whatever
it was.
I think it has to do with the ability to do something with a command is
determined other than by who can execute the command. Thus anyone can
run cfdisk on a drive and see the partition table, but only users in
group disk can do anything with it. Such fine-grained control would be
impossible if it only relied on execute permissions.
Doug.