On Sun, Mar 26, 2006 at 02:39:51AM -0500, Gene Heskett wrote: > > IMO ifconfig is a system function, and the normal user has no need > for access to it, none, nada, zip. As the admin, the admin should be > responsible for that, with those configs locked down for normal users. > > Heck, I'm using two subnets here at home with only 3 machines, just > for that exact reason, seperation of responsibilities. Call me > paranoid, but I intend to keep it that way.
Putting files in /sbin rather than /bin doesn't restrict access to them in any way. Any user can run programs in /sbin. Any user can add /sbin to his PATH. Also, any user can go to debian.org, download ifconfig, and install it in his home directory. Users cannot modify anything with ifconfig unless they are root; they can only use it to view interfaces. The only reasons for having a separate /sbin are historical, and even then they are unclear. They certainly have nothing to do with security, which is provided by other means. Perhaps originally /bin represented a stable interface for users while /sbin was allowed to be changed by adminstrators? *shrug* -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
