On Wed, 2008-03-26 at 08:18 -0500, inode0 wrote:
2008/3/26 Jesse Keating jkeating@redhat.com:
On Tue, 2008-03-25 at 12:02 -0600, Gian Paolo Mureddu wrote:
but being as /sbin paths are meant for administrative tasks, I actually do see having them as part of a regular user's PATH a potential security risk.
That's completely bogus. A "hidden path" offers 0 security. If you don't want your users running them, set the permissions on the binary, or better yet, have the binary check the EUID of the caller. If non-root, display that the command is for root users, but also allow the user to get --help and other usage or informational output from the command. Just don't allow non-root users to apply anything. There really is no reason I can think of to hide this crap in a different directory. It just adds needless complication and confusion.
Is Fedora committed to the FHS? Or is Red Hat still committed to it?
The purpose was for root only programs of a certain class to be located in /sbin for example but including non-root programs there does muddy the experience for the end user. However I do think it is cleaner to make those programs available to a user by means other than adding /sbin to the default path of a normal user. A few links are cheap. Would links for those in /usr/bin clash with the FHS?
1. The FHS makes no rules about the default PATH setting for users/root 2. The FHS has no problems with symlinks for the files it requires in /sbin and /usr/sbin
So changing the defaults away from a 'hidden' /sbin and /usr/sbin would not violate the FHS.
-sv