Re: AW: AW: FHS pre-2.1 draft #1 on web site
SEJKORA Martin wrote:
>
> >SEJKORA Martin wrote:
> >>
> >> The recommendation in chapter "3.10 /sbin" at page 14 is IMO
> >> counterproductive to the required file "init", because _ANY_ user may
> >> shutdown the system :-<<<. So it is a "security" hole, and this
> >> recommendation should be erased.
> >> It is IMO better to [sym]link commands in /sbin to /usr/bin when they
> >> _really_ should be accessible to everybody.
> [cut]
>
> >That doesn't mean any user can shut down the system! If so, the
> >permissions on /sbin/init are wrong, and that is completely independent
> >of its location.
>
> Not really: when init is located in /sbin with ownership / permissions set
> to root:root / 0770 then only root may use init, regardless of init's
> permissions.
> In other locations than /sbin or with the permissions of /sbin set to allow
> users read+execute then the permissions of init are to be considered.
>
That is not the point, though. The point is that since /sbin is
normally mode 0755, /sbin/init shouldn't rely on directory permissions.
init, being an inherently root-only program, should not be executable by
non-root users, and/or the program itself should verify appropriate
permissions.
-hpa
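
An added example, not part of the original message or of any init implementation: a small Python check that tells apart a root-only binary protected by its own mode from one protected only by its directory's mode, using the 0770 and 0755 modes discussed in this thread. The names `classify` and `demo` and the scratch `sbin/init` layout are constructed for illustration; only the "other" permission bits of the file and its parent directory are examined (no ACLs, no higher ancestors).

```python
import os
import stat
import tempfile


def classify(path):
    """Say what stops a non-owner, non-group user from running `path`.

    Returns "file-denies", "directory-only" or "exposed".
    """
    file_mode = os.stat(path).st_mode
    dir_mode = os.stat(os.path.dirname(os.path.abspath(path))).st_mode
    file_allows = bool(file_mode & stat.S_IXOTH)
    dir_allows = bool(dir_mode & stat.S_IXOTH)  # search bit on the directory
    if not file_allows:
        return "file-denies"      # holds wherever the file is installed
    if not dir_allows:
        return "directory-only"   # protection vanishes once the dir is 0755
    return "exposed"


def demo():
    """Constructed layout: a scratch 'sbin' directory with a dummy 'init'."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        sbin = os.path.join(root, "sbin")
        init = os.path.join(sbin, "init")
        os.mkdir(sbin)
        with open(init, "w") as fh:
            fh.write("#!/bin/sh\n")

        # Layout from the quoted message: directory 0770, file left open.
        os.chmod(init, 0o755)
        os.chmod(sbin, 0o770)
        results["dir 0770, file 0755"] = classify(init)

        # The usual /sbin mode, file unchanged.
        os.chmod(sbin, 0o755)
        results["dir 0755, file 0755"] = classify(init)

        # File mode itself denies non-root; directory mode no longer matters.
        os.chmod(init, 0o700)
        results["dir 0755, file 0700"] = classify(init)
    return results


if __name__ == "__main__":
    for layout, verdict in demo().items():
        print(f"{layout}: {verdict}")
```
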