Terje Bless <link@xxxxxxxxx> wrote: > Horst von Brand <vonbrand@xxxxxxxxxxxx> wrote: > >ifconfig(8) is not for luser consumption, and so are lots of others. > `ifconfig` is _also_ for system administrators. Regular users â?? my > Oracle DBAs, say â?? Those aren't "regular users" by a /very/ long shot in my book. > have a legitimate need to check the output of > ifconfig on occasion; and I would just as soon not have to fiddle with > paths or aliases for all those accounts on all the systems I administer. Set up a generic .bashrc for those special accounts then... > I also find it annoying that I either have to type the full path â?? > particularly as it means I have to remember which of > /bin:/usr/bin:/sbin:/usr/sbin the utility in questions resides in â?? or > become root just to check ifconfig output. Use aliases. > Utilities that serve a useful purpose for non-root users should by > default be available in non-root users' path; if in no other way then at > least by way of a symlink in the â??unprivilegedâ?? directory. They are in /bin and /usr/bin. What is in /sbin or /usr/sbin is /not/ for regular user consumption. If they need it, they aren't regular users. > Conversely, utilities that non-root users should not be allowed to use > need to be protected in an effective manner; ... by permission to run only by selected user/group, by internal checks in the utility, by permission checks in the kernel; where you /must/ rely only on the last for real security, just exactly as this has worked from day one (or thereabouts) in Unix... > and removing the directory > from their path is not it. This isn't even security by obscurity, it's > security by obtuseness. It has nothing whatsoever to do with security, and everything with not confusing random users with commands they can't use sensibly. -- Dr. Horst H. von Brand User #22616 counter.li.org Departamento de Informatica Fono: +56 32 654431 Universidad Tecnica Federico Santa Maria +56 32 654239 Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513 -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
