<div class="gmail_quote">On Tue, Dec 6, 2011 at 4:23 PM, Robert Holtzman <span dir="ltr"><<a href="mailto:holtzm@cox.net">holtzm@cox.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="HOEnZb"><div class="h5">On Tue, Dec 06, 2011 at 09:08:44AM -0800, Matt Alexander wrote:<br>
> On Mon, Dec 5, 2011 at 5:22 PM, Robert Holtzman <<a href="mailto:holtzm@cox.net">holtzm@cox.net</a>> wrote:<br>
><br>
> > On Mon, Dec 05, 2011 at 09:15:11AM -0800, Matt Alexander wrote:<br>
> > > Sure, using find or which, etc., can be used to locate a particular app,<br>
> > > but that's not really the point. Why not simplify things and put all<br>
> > > binaries under /usr/bin? Then you don't have to teach users about silly<br>
> > > distinctions like "Oh, see, if it's an app that's meant to be used by a<br>
> > > System Adminstrator, then it goes into /usr/sbin". Who cares? Just put<br>
> > > everything in /usr/bin to keep things simple.<br>
> ><br>
> > There are programs that an admin doesn't want users to run.<br>
> ><br>
><br>
> You're kidding, right?<br>
<br>
</div></div>In view of the fact that the op said *all* binaries, would you, as an<br>
admin, want users of unknown knowledge/ability to have the ability to run<br>
any program in /sbin? That would scare the hell out of me.</blockquote><div><br></div><div>If there's anything in /sbin that when run by unprivileged user does any type of harm to the system, you have much bigger problem on hand. All of those utilities will simply fail and exit with an error if unprivileged user attempts to do anything remotely interesting with them (other then boring and safe things, like look up some world-readable info, etc). So... No, I don't see any problem if some random user puts /sbin in his path. The only difference is he can simply type swapoff, instead of having to type /sbin/swapoff. Or in other words, he'll simply get bunch of useless (for him) utilities included in shell's search path.</div>
</div>