On Sun, May 03, 2015 at 06:37:06PM +0200, Joerg Reisenweber wrote: > On Sun 03 May 2015 11:15:45 Laurent Bercot wrote: > > I remember 10ish years ago, mount was actually /sbin/mount. > > It migrated to /bin at some point, probably, as you say, when the > > "user" mount option was added. I personally think that moving > > executables between places is a bad thing, and one of the reasons > > why I'm not a fan of /sbin. > > Easy! > in your dream distro you have no directory tree at all and place *all* > files into root ;-) Never again you have to move a file to the place > it belongs to (just kidding). Unless you follow that radical approach, > any sort of meta info no matter which type attached to an item will > eventually need update when the semantics of the item changes.
Strawman! (I suppose that you jest.) This *has* been done before, on a certain *very* minimalist system that was vaguely and indirectly inspired by *nix. You just had to make sure that you had the correct "root" filesystem in the floppy drive. QDOS/PC-DOS/MS-DOS 1.x is the system referred to. Now, regarding Laurent's argument that containers obsolete the concept of some utilities being useless for users: One of the major uses for containers is to isolate potentially vulnerable programs from the rest of the system. Now, suppose one has a possibly vulnerable webserver in a container with its own network configuration. Suppose that someone gets a shell (as whatever user the webserver is running as); would denying them the ability to modify network state be useful? This doesn't establish that /sbin is useful, but the concept of having a limited set of users be able to utilize a program is likely to remain relevant even with containers, unless you can set them up so that all administration takes place externally. A possible use for /sbin on a non-containerized system is to bind-mount an empty directory over /sbin/ in a private mount namespace for all non-administrative users. Thanks, Isaac Dunham _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng