[Exherbo-dev] ROOTPATH, pam_env and profile.env

Benedikt Morbach moben at exherbo.org
Thu Feb 14 23:43:39 UTC 2013


On Sat, Feb 9, 2013 at 11:46 PM, Saleem Abdulrasool
<compnerd at compnerd.org>wrote:

> What you are proposing strictly violates the FHS.  It explicitly states
> that
> /sbin and /usr/sbin are to be included in PATH for the root user *only*.
>  If you
> wish to ignore this recommendation from the FHS, please state this
> clearly, and
> ideally, provide some justification.  Effectively, what you are proposing
> would
> merge /bin and /sbin, /usr/bin and /usr/sbin.  It seems that the more
> efficient
> way to do this would be to just do that -- merge them and delete /sbin and
> /usr/sbin.
>
I'd be in favor of that.
On a modern system, you can have any set of capabilities and thus be a
subset of root.
With newer kernels (from 3.8 onward, iirc) you can even create a user
namespace as a
unprivileged user and be your own root in there. (you get all caps)

Tools in sbin might over time grow features that are useful for
unprivileged users too.
Moving things is difficult because they may be hardcoded in scripts and you
get to add a symlink for every binary.

I also think that it would be cleaner to just merge the directories, then
we just have to
add the links to skeleton-filesystem-layout.

See also
https://lists.fedoraproject.org/pipermail/devel/2011-October/158845.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.exherbo.org/pipermail/exherbo-dev/attachments/20130215/70cec472/attachment.html>


More information about the Exherbo-dev mailing list