few ideas how to make fedora better as a desktop
seth vidal
skvidal at fedoraproject.org
Wed Mar 26 13:30:08 UTC 2008
On Wed, 2008-03-26 at 08:18 -0500, inode0 wrote:
> 2008/3/26 Jesse Keating <jkeating at redhat.com>:
> > On Tue, 2008-03-25 at 12:02 -0600, Gian Paolo Mureddu wrote:
> > > but being as /sbin paths are
> > > meant for administrative tasks, I actually do see having them as part of
> > > a regular user's PATH a potential security risk.
> >
> > That's completely bogus. A "hidden path" offers 0 security. If you
> > don't want your users running them, set the permissions on the binary,
> > or better yet, have the binary check the EUID of the caller. If
> > non-root, display that the command is for root users, but also allow the
> > user to get --help and other usage or informational output from the
> > command. Just don't allow non-root users to apply anything. There
> > really is no reason I can think of to hide this crap in a different
> > directory. It just adds needless complication and confusion.
>
> Is Fedora committed to the FHS? Or is Red Hat still committed to it?
>
> The purpose was for root only programs of a certain class to be
> located in /sbin for example but including non-root programs there
> does muddy the experience for the end user. However I do think it is
> cleaner to make those programs available to a user by means other than
> adding /sbin to the default path of a normal user. A few links are
> cheap. Would links for those in /usr/bin clash with the FHS?
1. The FHS makes no rules about the default PATH setting for users/root
2. The FHS has no problems with symlinks for the files it requires
in /sbin and /usr/sbin
So changing the defaults away from a 'hidden' /sbin and /usr/sbin would
not violate the FHS.
-sv
More information about the Fedora-desktop-list
mailing list