[sf-lug] /usr/sbin

Rick Moen rick at linuxmafia.com
Fri May 15 12:36:19 PDT 2020 

Quoting Alex Kleider (akleider at sonic.net):

> Some of you may remember my mentioning (on more than one occasion)
> that some utilities seemed not to come with Debian.
> Some responded (Rick and Michael if I remember correctly) with what
> I interpreted to be incredulity/skepticism.  They were right of
> course but I can now explain the problem and believe it to be one
> worth sharing.
> 
> The Debian install comes with PATH set to a value that does _not_
> include /usr/sbin which is where the 'missing' utilities lie.
> Surely this should be considered a 'bug' with regard to the Debian
> distribution, n'est pas?

No.[0]

As you may know, utilities in /usr/sbin and /sbin are ones normally used
only by the superuser.  The default $PATH for the root user includes those.
Observe:

  [rick at linuxmafia]
  ~ $ echo $PATH
  /usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games:/home/rick/bin:/home/rick/bin
  [rick at linuxmafia]
  ~ $ su -
  Password:
  linuxmafia:~# echo $PATH
  /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
  linuxmafia:~# exit
  [rick at linuxmafia]
  ~ $

On rare occasions, a non-root user might have cause to run something in 
/sbin or /usr/sbin :  The classic example is /sbin/ifconfig .  But you 
come to know where they are from the rare occasions where you need them,
and you just furnish the path from memory, e.g., my fingers do
'/sbin/ifconfig' with the aid of shell tab completion without my having
to think about it.


The reason /sbin and /usr/sbin should not be in $PATH for non-system
users is that it creates various security risks[1], and many of the
utilties in those directories are dangerous.

Oh, and the reason my shell session above has 'su -' instead of 'su' is
to carefully avoid the root user inheriting the non-superuser's shell
environment, which again would be a security risk, so make a point of 
always including that switch when su-ing to root.



[0] Occasionally, a newcomer opens up a bug to that effect against
Debian.  It gets closed with a polite explanation about why this is
an intentional $PATH omission.

[1] The reason I'm being vague, here, is that I've forgotten details, 
and can't take the time to re-research that, at present.

More information about the sf-lug mailing list