zlacker

1. digita+(OP) 2022-05-11 09:54:05
Yes, but you are effectively turning your box into a single user system. And that's fine if you are happy to work that way, but the origins of the directory structure are of course in multiuser UNIX. As a sysadmin, I would not want my /bin /sbin exposed to everyone. In your example I question the security implications of being able to run those binaries outside of root anyway (esp. in a professional environment) if you have your box exposed on a network.
replies(2): >>Athas+f8 >>mekste+Y9
2. Athas+f8 2022-05-11 11:11:13
>>digita+(OP)
> As a sysadmin, I would not want my /bin /sbin exposed to everyone.

Why not? It's not like most of them are suid (right?). Most Unix systems I've used allow any user to peruse /sbin at their leisure and run whatever they want.

replies(1): >>digita+1Z
3. mekste+Y9 2022-05-11 11:31:32
>>digita+(OP)
Do you realize /bin is a symlink to /usr/bin these days?
4. digita+1Z 2022-05-11 15:37:27
>>Athas+f8
Apologies if I'm missing your point, but yikes - any user on your system can run /sbin/shutdown?
replies(1): >>Athas+T51
5. Athas+T51 2022-05-11 16:10:18
>>digita+1Z
Yes of course, just like on more or less any Linux system. But IIRC, shutdown is a suid binary that will do its own permission checks while running. The permissions on the /sbin/ directory should not matter.