Running sysadmin programs as non-root (was: issue with volatile clamav and/or freshclam)
Jari Jokinen <info@jarijokinen.com> writes:
> I had the same issue, and found out that it was caused because my
> /sbin directory was chmoded to 700. And I think that's how it should
> be. Or is there any good reason why should I allow non-root users to
> execute binaries in my /sbin directory?
According to FHS version 2.3
<URL:http://www.pathname.com/fhs/pub/fhs-2.3.html>, the purpose of
'/sbin' is twofold:
Purpose
Utilities used for system administration (and other root-only
commands) are stored in /sbin, /usr/sbin, and /usr/local/sbin.
/sbin contains binaries essential for booting, restoring,
recovering, and/or repairing the system in addition to the
binaries in /bin.
So, the binaries in '/sbin' are "utilities used for system
administration", not necessarily "programs only to be run by root".
Tools such as '/sbin/start-stop-daemon', for instance, are used by
non-root system services.
Also, many of the programs in '/sbin' and '/usr/sbin' are useful when
run by non-root, especially to get information without actually
modifying the system. For example, '/sbin/fdisk -l', '/sbin/ip addr',
'/sbin/lsmod', and so on.
--
\ "I don't know anything about music. In my line you don't have |
`\ to." -- Elvis Aaron Presley (1935-1977) |
_o__) |
Ben Finney
Reply to: