On 05/05/2015 23:03, marc...@welz.org.za wrote:
> Hello
>
> No, sorry. Doing chown root:admin && chmod 2750 does not give anybody in the admin group (the ones who should be allowed to run it) any extra rights - they are already running with admin group privileges
Ah, yes, my mistake. The pattern I was thinking of was 4750 on a thisuser:mygroup binary, to give members of mygroup the access to a program running with thisuser rights. It works with setuid, but not setgid, of course.

If you have a collection of binaries that may be setgid and you want to restrict their rights to group admin, then yes, putting them all in a directory that can only be accessed by group admin is the right thing. However, is /sbin even used that way? I've never seen that, not in 15 years. But I've never been very curious of the practices of distributions.
> the thing is that everybody uses a classical unix system in a slightly different way - a feature that is considered antiquated by some is essential to others, so these structures should change slowly and in a backward compatible manner.
Oh, I absolutely agree. Again, I have no intention of fighting against the existence of /sbin; it's just that if we were to design a directory structure from scratch today, not much would speak for the creation of something like /sbin. But legacy is enough of a reason to keep it - it's not like it's hurting much. :)
> In this regard systemd is so irritating since it demolishes so much established code to be replaced with something which I think is likely to spald and leak in a few years' time :)
I don't hate systemd because it goes against conventions. (I like to challenge conventions, and break them if they don't provide me with the functionality I need. I try to do it smartly and in a non-obnoxious way, though.) I hate systemd because it's a horribly engineered product being forced down people's throats via propaganda and commercial power. It makes the open source world look just as hopeless and clueless when it comes to evaluating software quality as businesses, and that's infuriating.

--
Laurent

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
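
The two permission patterns compared in this message (2750 on a root:admin binary and 4750 on a thisuser:mygroup binary), as an added example that is not part of the original thread: a POSIX shell check that reports who gains which identity from a given mode, owner and group. The function names `classify` and `audit` and the file paths in the sample inventory are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): who gains which identity from a
# setuid/setgid binary, given its octal mode, owner and group.
# Inputs could come from `stat -c '%a %U %G %n' FILE` on a GNU system.

classify() {
    mode=$1; owner=$2; group=$3
    m=$((0$mode))                       # leading 0 forces octal parsing
    suid=$((m & 04000)); sgid=$((m & 02000))
    gx=$((m & 00010));   ox=$((m & 00001))
    out=""

    if [ "$suid" -ne 0 ]; then
        if [ "$ox" -ne 0 ]; then
            out="setuid: any user runs as $owner"
        elif [ "$gx" -ne 0 ]; then
            out="setuid: members of $group run as $owner"
        else
            out="setuid: only $owner can execute, no gain"
        fi
    fi
    if [ "$sgid" -ne 0 ]; then
        if [ "$ox" -ne 0 ]; then
            s="setgid: any user runs with group $group"
        elif [ "$gx" -ne 0 ]; then
            # Only people already in the group get past the execute check.
            s="setgid: $group members already hold group $group, no gain"
        else
            s="setgid: only $owner can execute"
        fi
        out="${out:+$out; }$s"
    fi
    echo "${out:-plain: no identity change}"
}

audit() {   # reads "mode owner group path" lines on stdin
    while read -r mode owner group path; do
        printf '%s: %s\n' "$path" "$(classify "$mode" "$owner" "$group")"
    done
}

# Constructed inventory: hypothetical paths, modes taken from the thread.
audit <<'EOF'
2750 root admin /sbin/example-tool
4750 thisuser mygroup /usr/local/bin/example-helper
4755 root root /usr/bin/example-suid
EOF
```
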