[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: AW: AW: FHS pre-2.1 draft #1 on web site

SEJKORA Martin wrote:
> >SEJKORA Martin wrote:
> >>
> >> The recommandation in chapter "3.10 /sbin" at page 14 is IMO
> >> contraproductive to the required file "init", because _ANY_ user may
> >> shutdown the system :-<<<. So it is a "security" hole, and this
> >> recommandation should be erased.
> >> It is IMO better to [sym]link commands in /sbin to /usr/bin when they
> >> _really_ should be accessible to everybody.
> [cutted]
> >That doesn't mean any user can shut down the system!  If so, the
> >permissions on /sbin/init are wrong, and that is completely independent
> >of its location.
> Not really: when init is located in /sbin with ownership / permissions set
> to root:root / 0770 then only root may use init, regardless of init's
> permissions.
> In other locations than /sbin or with the permissions of /sbin set to allow
> users read+execute then the permissions of init are to be considered.

That is not the point, though.  The point is that since /sbin is
normally mode 0755, /sbin/init shouldn't rely on directory permissions. 
init, being an inherently root-only program, should not be executable by
non-root users, and/or the program itself should verify appropriate


Reply to: