On 02/01/12 07:19, Chris Brennan wrote:
>
> Typically /bin is reserved for binaries executable by everyone on the system,
> whereas /sbin is *typically* reserved for binaries that are executable by root
> only, most of these would typically have the SETUID bit set for root as well,
> to further prevent non-root users from running them. The same logic would
> extend to /usr/bin, /usr/sbin, and where the BSD's are concerned,
> /usr/local/bin and /usr/local/sbin

Um - the SETUID bit won't prevent non-root users running them. It will cause those binaries to be executed _as_ root, which is a totally different thing, and used as little as possible, and with great care.

I think perhaps you meant to suggest that they might typically not be world- or group-executable, which would prevent non-root users running them - but they are in fact mostly world-executable, so that's not true either. The binaries can be executed by root, but often they will fail due to various permissions problems when a non-root user tries to run them.

On my system, all files in /sbin and /usr/sbin are executable by all users, and only two (/sbin/mount.nfs and /usr/sbin/pppd) are setuid.

Richard
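
The check described in the reply above (how many files in a directory are world-executable and which are setuid) can be reproduced with `find`. This is an added example, not part of the original thread; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit directories for world-executable and setuid files.
# Function names are hypothetical; only POSIX find options are used.
# -H follows a directory given on the command line if it is a symlink
# (on merged-/usr systems /sbin points at /usr/sbin, so those files
# would be counted twice if both paths are passed).

# count_perm MODE DIR...: count regular files with all bits of MODE set.
count_perm() {
    mode=$1
    shift
    find -H "$@" -type f -perm "-$mode" 2>/dev/null | wc -l | tr -d ' '
}

# list_setuid DIR...: files that run with their owner's uid when executed.
list_setuid() {
    find -H "$@" -type f -perm -4000 2>/dev/null | sort
}

# list_not_world_exec DIR...: files that "other" users cannot execute.
# This, not the setuid bit, is what stops ordinary users running a file.
list_not_world_exec() {
    find -H "$@" -type f ! -perm -0001 2>/dev/null | sort
}

# audit_dirs DIR...: one-line summary of the counts.
audit_dirs() {
    total=$(find -H "$@" -type f 2>/dev/null | wc -l | tr -d ' ')
    world_exec=$(count_perm 0001 "$@")
    setuid=$(count_perm 4000 "$@")
    echo "total=$total world_exec=$world_exec setuid=$setuid"
}

# When directories are given as arguments, print the summary followed by
# the setuid files and the files other users cannot execute.
if [ "$#" -gt 0 ]; then
    audit_dirs "$@"
    echo "setuid files:"
    list_setuid "$@"
    echo "not executable by others:"
    list_not_world_exec "$@"
fi
```

Saved under any file name, it is run as `sh <file> /sbin /usr/sbin`.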