From: "Al Sparks" <data345@xxxxxxxxx>
--- "Mikkel L. Ellertson" <mikkel@xxxxxxxxxxxxxxxx> wrote:
One thing I think you are missing is that keeping these commands off
a normal user's path is not really a security measure. It is more a
matter of keeping them out of the way of people that would not
normally need access to them. Chances are, they are not going to
stumble across them by accident, but they are there if you do need
to use them. The security is that most actions by the commands
require root permissions. The information function of the commands
still works for normal users.
I don't think I'm missing anything. Actually we mostly agree.
However, I do most of my system work from a normal user account, using
"sudo" when I need to run something as root.
It's easily fixed, but an annoyance, when I set up a new system, and
ifconfig and other /sbin and /usr/sbin commands don't work initially.
Joanne gets picky again: On a single user machine, I agree this level
of precaution is bloody annoying. But 'ix has traditionally been
multiple simultaneous users of varying levels of proficiency. In that
environment these precautions are necessary to maintain uptime and
system integrity. If a luser could "ifdown ppp0" on a remote system
that was normally remotely administered imagine the annoyance that
would generate. "Fail safe" is a really good two word motto and system
configuration option. Methinks it's being done the right way.
Mikkel
=== Al
{o.o} Joanne "Yabut" Dow said that.
