On 02/01/12 07:19, Chris Brennan wrote:
> Typically /bin is reserved for binaries executable by everyone on the
> whereas /sbin is *typically* reserved for binaries that are executable by
> only, most of these would typically have the SETUID bit set for root as
> to further prevent non-root users from running them. The same logic would
> extend to /usr/bin, /usr/sbin, and where the BSDs are concerned,
> /usr/local/bin and /usr/local/sbin
Um - the SETUID bit won't prevent non-root users running them. It will
cause those binaries to be executed _as_ root, which is a totally
different thing, and used as little as possible, and with great care.
I think perhaps you meant to suggest that they might typically not be
world- or group-executable, which would prevent non-root users running
them - but they are in fact mostly world-executable, so that's not true
either. The binaries can be executed by root, but often they will fail
due to various permissions problems when a non-root user tries to run them.
On my system, all files in /sbin and /usr/sbin are executable by all
users, and only two (/sbin/mount.nfs and /usr/sbin/pppd) are setuid.
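
The distinction drawn in the reply above, as an added example that is not part of the original thread: `exec_outcome` is a simplified model of the execute-permission check (it ignores ACLs, capabilities, nosuid mounts and security modules), and `audit` counts world-executable and setuid files in a directory. The function names and the uid 1000 used when trying it out are assumptions made for illustration.

```python
import os
import stat


def exec_outcome(mode, owner_uid, owner_gid, caller_uid, caller_gids):
    """Return (allowed, effective_uid) for a caller executing a regular file.

    Simplified model: the execute bits decide WHETHER the caller may run the
    file; the setuid bit only decides WHICH uid the process then runs as.
    """
    if caller_uid == 0:
        # root may execute a file if any execute bit is set
        allowed = bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    elif caller_uid == owner_uid:
        allowed = bool(mode & stat.S_IXUSR)
    elif owner_gid in caller_gids:
        allowed = bool(mode & stat.S_IXGRP)
    else:
        allowed = bool(mode & stat.S_IXOTH)
    if not allowed:
        return (False, None)
    # setuid: the process takes the file owner's uid instead of the caller's
    return (True, owner_uid if mode & stat.S_ISUID else caller_uid)


def audit(directory):
    """Return (regular_files, world_executable, sorted setuid paths)."""
    total = world_exec = 0
    setuid = []
    for entry in os.scandir(directory):
        try:
            st = os.stat(entry.path)  # follows symlinks to the real binary
        except OSError:
            continue
        if not stat.S_ISREG(st.st_mode):
            continue
        total += 1
        if st.st_mode & stat.S_IXOTH:
            world_exec += 1
        if st.st_mode & stat.S_ISUID:
            setuid.append(entry.path)
    return total, world_exec, sorted(setuid)


if __name__ == "__main__":
    for d in ("/sbin", "/usr/sbin"):
        if os.path.isdir(d):
            total, wx, suid = audit(d)
            print(f"{d}: {total} files, {wx} world-executable, setuid: {suid}")
```
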