Re: Export

On Mon, 2004-01-12 at 19:35, Adam Kosmin wrote:
> But by commenting out the uid check, you're adding /sbin, /usr/sbin, and
> /usr/local/sbin, to the environment of all users on the system. My
> understanding is that this is a no-no when it comes to securing the
> system.

Security-wise it's irrelevant except that it may cause administrators to
think they have to log in as root to run programs with root privileges.

Placing /usr/sbin in the PATH may break applications which use the PAM
consolehelper.  Which means programs that must run as root (e.g.
redhat-config-*) will not properly prompt for a password.  Those
applications will instead fail to run at all or run unprivileged causing
confusion and frustration.


This one is meant for normal users (i.e. it asks for the root password):
$ ls -l /usr/bin/redhat-config-network
lrwxrwxrwx    1 root     root           13 Nov 13 15:00 /usr/bin/redhat-config-network -> consolehelper*

This one is meant for root (consolehelper executes this one):
$ ls -l /usr/sbin/redhat-config-network
-rwxr-xr-x    1 root     root          178 Oct 28 08:11 /usr/sbin/redhat-config-network*


If one feels they must place /usr/sbin in the PATH for normal users then
make sure it is the very last item (i.e. pathmunge /usr/sbin after). 
For non-root users the PATH should be similar to this:
  PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin

-- 
 David Norris
  http://www.webaugur.com/dave/
  ICQ - 412039

Attachment: signature.asc
Description: This is a digitally signed message part
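
An added example, not part of the original message: a shell audit of the PATH ordering issue described above, reporting each consolehelper wrapper symlink that a given PATH order would bypass in favour of a same-named program. The function names (first_match, shadowed_wrappers, make_fixture) are hypothetical, and the directory tree is a constructed fixture modelled on the two listings in the message.

```bash
#!/usr/bin/env bash

# Print the first executable file named $1 on the colon-separated list $2.
first_match() {
    local cmd="$1" search="$2" dir
    local IFS=:
    for dir in $search; do
        [ -n "$dir" ] || dir=.
        if [ -x "$dir/$cmd" ] && [ ! -d "$dir/$cmd" ]; then
            printf '%s\n' "$dir/$cmd"
            return 0
        fi
    done
    return 1
}

# Print every symlink-to-consolehelper on $1 that lookup skips for a same-named file.
shadowed_wrappers() {
    local search="$1" dir link hit
    local IFS=:
    for dir in $search; do
        for link in "$dir"/*; do
            [ -L "$link" ] || continue
            case $(readlink "$link") in
                consolehelper|*/consolehelper) ;;
                *) continue ;;
            esac
            hit=$(first_match "${link##*/}" "$search") || continue
            [ "$hit" = "$link" ] || printf '%s shadowed by %s\n' "$link" "$hit"
        done
    done
}

# Constructed fixture: wrapper symlink in usr/bin, root-only program in usr/sbin.
make_fixture() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/bin" "$root/usr/sbin"
    printf '#!/bin/sh\n' > "$root/usr/bin/consolehelper"
    printf '#!/bin/sh\n' > "$root/usr/sbin/redhat-config-network"
    chmod +x "$root/usr/bin/consolehelper" "$root/usr/sbin/redhat-config-network"
    ln -s consolehelper "$root/usr/bin/redhat-config-network"
    printf '%s\n' "$root"
}

root=$(make_fixture)
echo "sbin first:"; shadowed_wrappers "$root/usr/sbin:$root/usr/bin"
echo "sbin last:";  shadowed_wrappers "$root/usr/bin:$root/usr/sbin"
rm -rf "$root"
```

To audit a live system, call shadowed_wrappers "$PATH" from a normal user's login shell; no output means every wrapper is found before its root-only counterpart.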

