
Re: sbin



On 02/01/12 07:19, Chris Brennan wrote:

> 
> Typically /bin is reserved for binaries executable by everyone on the
> system, whereas /sbin is *typically* reserved for binaries that are
> executable by root only, most of these would typically have the SETUID
> bit set for root as well, to further prevent non-root users from running
> them. The same logic would extend to /usr/bin, /usr/sbin, and where the
> BSDs are concerned, /usr/local/bin and /usr/local/sbin

Um - the SETUID bit won't prevent non-root users running them. It will
cause those binaries to be executed _as_ root, which is a totally
different thing, and used as little as possible, and with great care.

I think perhaps you meant to suggest that they might typically not be
world- or group-executable, which would prevent non-root users running
them - but they are in fact mostly world-executable, so that's not true
either. The binaries can be executed by root, but often they will fail
due to various permissions problems when a non-root user tries to run them.

On my system, all files in /sbin and /usr/sbin are executable by all
users, and only two (/sbin/mount.nfs and /usr/sbin/pppd) are setuid.

Richard
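
The check described in the reply above can be repeated on any system: the execute bits decide who may run a file, while the setuid bit decides which user it runs as. The script below is an added example, not part of the original message; the function names `count_perm`, `audit_dir` and `list_setuid` are illustrative, and it assumes a `find` that supports `-maxdepth` (GNU and BSD do). Pass the directories to audit as arguments, for example `/sbin /usr/sbin`.

```shell
#!/bin/sh
# Added example: audit execute and setuid bits in system binary directories.
# Function names are illustrative, not taken from any existing tool.

# Count regular files directly under $1 whose mode has every bit of $2 set.
# $2 is a find(1) -perm argument such as -0001 or -4000; -0000 matches all.
count_perm() {
    find -H "$1" -maxdepth 1 -type f -perm "$2" -exec printf x \; |
        wc -c | tr -d ' '
}

# Print one summary line for directory $1:
#   world_exec = files any user may execute (other-execute bit set)
#   setuid     = files that run with the owner's UID, whoever starts them
audit_dir() {
    printf '%s total=%s world_exec=%s setuid=%s\n' "$1" \
        "$(count_perm "$1" -0000)" \
        "$(count_perm "$1" -0001)" \
        "$(count_perm "$1" -4000)"
}

# List the setuid files under $1, one per line, sorted.
list_setuid() {
    find -H "$1" -maxdepth 1 -type f -perm -4000 -print | sort
}

# Audit every directory given on the command line (none given: do nothing).
for d in "$@"; do
    audit_dir "$d"
    list_setuid "$d" | sed 's/^/  setuid: /'
done
```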

