On Wed, 2008-03-26 at 20:29 -0400, Jesse Keating wrote:
> On Wed, 2008-03-26 at 15:12 -0600, Gian Paolo Mureddu wrote:
> > Sarcastic disclaimer.
> > Why not install all binaries into /bin, /usr/bin, /usr/local/bin and be done with it, then? Why EVEN have another path, anyway? Better yet, why don't we follow Ubuntu and make sudo the default, make regular users have admin rights! Why do we even need root? What's that? Geeze, I mean why even keep an ancient file system layout?
>
> Believe it or not, these are all pretty useful suggestions.
> Links to (/usr)/sbin can be maintained for legacy or FHS compliance. However, due to shortcomings in RPM, this isn't feasible. Instead we'll just munge the normal user's path so that (s)he doesn't have to go hunting for useful tools.

Hm. Most of the commands found in {/usr,}/sbin only make sense for a user with elevated privileges, i.e. root. Those that also make sense for normal users (e.g. tools which provide read-only access as well like ip/ifconfig, sysctl, etc.) could easily be hardlinked into the bin directories on the same level without much hassle on the RPM side of things.

> Sudo should (optionally) be the default for the first user added, like say through firstboot. A checkbox that would have to be cleared that will drop the user in the wheel group which by default has sudo rights (that way we don't have to munge the sudoers file).

Sudo is all fine and dandy if you think about the command line, but this is still a "legacy" way of doing things. Mind that as long as they're in good order I'm all for keeping "legacy" as "legacy" often also means "tried and true". I also don't see a reason why "legacy" and new ways can't coexist.

> "root" is a legacy concept. Either the local user is also the admin, or the admin is a site wide admin where local root accounts are just jokes and instead things are done as sudo, or through config management systems.

"root" is only a legacy concept inasmuch as UIDs are seen as users, not as roles that someone assumes temporarily, e.g. by way of sudo or PolicyKit/dbus proxies. Keeping the privileged role separate from the normal role, even for the primary user of a system, is one line of defense against malware.

> I also agree that ancient filesystem layouts are needless confusion. They (almost) made sense way back in the day, but fear of change has kept them coming forward into modern day operating systems where they're just not needed, and only add confusion and frustration. "Where do I install this binary into? What level man page do I give this?" etc...

Man pages are a particularly bad example, as it's not only "What level man page do I give this?" but also "What level is this man page I want to read?" -- "man foo" almost always displays the wrong one if there are multiple.
Other than that, the distinction and compartmentalization between / and /usr is quite sound -- the former contains the basic set of tools and libraries to bootstrap the system, regardless of where from the rest comes. If disaster strikes, a small root volume is much less likely to be than a giant single volume and it gives me the tools necessary to salvage what is salvageable.
Nils