[sf-lug] /usr/sbin

Alex Kleider akleider at sonic.net
Fri May 15 14:06:10 PDT 2020


On 2020-05-15 12:36, Rick Moen wrote:
> Quoting Alex Kleider (akleider at sonic.net):
> 
>> Some of you may remember my mentioning (on more than one occasion)
>> that some utilities seemed not to come with Debian.
>> Some responded (Rick and Michael if I remember correctly) with what
>> I interpreted to be incredulity/skepticism.  They were right of
>> course but I can now explain the problem and believe it to be one
>> worth sharing.
>> 
>> The Debian install comes with PATH set to a value that does _not_
>> include /usr/sbin which is where the 'missing' utilities lie.
>> Surely this should be considered a 'bug' with regard to the Debian
>> distribution, n'est-ce pas?
> 
> No.[0]
> 
> As you may know, utilities in /usr/sbin and /sbin are ones normally used
> only by the superuser.  The default $PATH for the root user includes those.
> Observe:
> 
>   [rick at linuxmafia]
>   ~ $ echo $PATH
>   /usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games:/home/rick/bin:/home/rick/bin
>   [rick at linuxmafia]
>   ~ $ su -
>   Password:
>   linuxmafia:~# echo $PATH
>   /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
>   linuxmafia:~# exit
>   [rick at linuxmafia]
>   ~ $
> 
> On rare occasions, a non-root user might have cause to run something in
> /sbin or /usr/sbin :  The classic example is /sbin/ifconfig .  But you
> come to know where they are from the rare occasions where you need them,
> and you just furnish the path from memory, e.g., my fingers do
> '/sbin/ifconfig' with the aid of shell tab completion without my having
> to think about it.
> 
> 
> The reason /sbin and /usr/sbin should not be in $PATH for non-system
> users is that it creates various security risks[1], and many of the
> utilities in those directories are dangerous.
> 
> Oh, and the reason my shell session above has 'su -' instead of 'su' is
> to carefully avoid the root user inheriting the non-superuser's shell
> environment, which again would be a security risk, so make a point of
> always including that switch when su-ing to root.


Once again, Rick, you've clarified the situation.
I did not know the difference between 'su' and 'su -'.

Having in the past always used the former, I was (as you've explained)
inheriting $PATH from the non-privileged user and not having access to
/usr/sbin.

Now it's clear.

And once again, Thank you!
Alex
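
Added example, not part of the original thread: a shell check for the situation discussed above, where a root shell started with plain 'su' keeps the invoking user's $PATH. The helper name audit_path and its output labels are assumptions; it flags empty or relative entries, world-writable directories, and directories not owned by the trusted uid (root by default).

```sh
#!/bin/sh
# Added example; audit_path is a hypothetical helper, not a standard utility.
# Usage: audit_path PATH_STRING [TRUSTED_UID]   (TRUSTED_UID defaults to 0, root)
# Prints "REASON<TAB>entry" per finding and returns 1 if anything was flagged.
audit_path() {
    ap_rest="$1:"            # trailing ':' keeps a final empty entry when splitting
    ap_uid=${2:-0}
    ap_found=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}
        ap_rest=${ap_rest#*:}
        case $ap_entry in
            '') printf 'EMPTY\t(current directory)\n'; ap_found=1; continue ;;
            /*) ;;
            *)  printf 'RELATIVE\t%s\n' "$ap_entry"; ap_found=1; continue ;;
        esac
        # Entries that do not exist are skipped: there is nothing to inspect.
        [ -d "$ap_entry" ] || continue
        # -L follows symlinks such as /bin -> usr/bin; -prune stops find descending.
        if [ -n "$(find -L "$ap_entry" -prune -perm -0002 -print 2>/dev/null)" ]; then
            printf 'WORLD_WRITABLE\t%s\n' "$ap_entry"; ap_found=1
        fi
        if [ -n "$(find -L "$ap_entry" -prune ! -user "$ap_uid" -print 2>/dev/null)" ]; then
            printf 'FOREIGN_OWNER\t%s\n' "$ap_entry"; ap_found=1
        fi
    done
    return "$ap_found"
}

# Demo: audit the PATH of whatever shell runs this script.
audit_path "$PATH" || echo 'PATH contains entries unsuitable for a root shell' >&2
```

Run in a root shell, a PATH inherited from an ordinary account typically shows up as FOREIGN_OWNER lines for directories such as that user's ~/bin.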