[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: /sbin:/usr/sbin in mortal's PATH



On Sat, 6 May 2006, Michael A. Peters wrote:

> On Sat, 2006-05-06 at 15:40 -0400, Chris Tyler wrote:
> > The /sbin and /usr/sbin directories contain many utilities that are
> > useful to non-superusers, such as ifconfig, netstat, arp, fuser, lsusb,
> > runlevel, dumpe2fs, hwclock, lsof, traceroute, and many others.
> > Obviously, most of those utilities can do -more- when run as superuser,
> > but that doesn't diminish their value to mortals.
> >
> > For years, one of the first changes I've made to my Fedora (and RHL)
> > systems is to comment out 'if' in /etc/profile that adds
> > "/sbin:/usr/sbin:/usr/local/sbin" only to the path of the superuser:

I have to agree here. It is the first thing I do. And I shouldn't need to
do it.

The second thing I do is remove the aliases in /root/.bashrc. That I can
understand, and I don't mind doing, since this protects newby users with
root privs.

> > Here's my question: Why don't we take that 'if' in the
> > default /etc/profile, so those directories are in everyone's (default)
> > PATH? Reasoning:
>
> Users who need it can add the following to their bash ~/.profile file:
>
> export PATH=$PATH:/sbin:/usr/sbin
>
> (or /sbin:/usr/sbin:$PATH )

The point is not that they can do it, the point is that:

1) it does not add any security to the system not having these in the path
2) it is annoying for experienced users who are used to these commands
   being in their path.
3) There is no penalty for giving mortals these extra commands.

So instead of telling us how we can fix it in 5 ways on every single box
we install, tell us what the harm would be if mortals have these commands.

Paul


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]