On Mon, 2006-08-28 at 01:19 +0100, Timothy Murphy wrote: > Markku Kolkka wrote: > > >> Whatever they do, it is crazy to have two different programs > >> with the same name. > > > > There's just one program, "printconf", and a bunch of symbolic > > links to it. If you go through the symlinks in /usr/bin/, the > > consolehelper program will ask you the root password before > > running printconf as root. > > Well, consolehelper does not appear to me to be a symlink to anything. > It is not a symlink, but takes action depending on how it is called. What is does, as previously noted, is authenticate the user as root before starting/denying the requested application. Try running "ls -l /usr/bin | grep consolehelper" and see how many links there are to that tool (I find 59.) In general, all those tools require root authority to function and would be that many more potential risks in a different security plan. > Obviously the programs are related - it would be bizarre if they weren't - > but to have two programs with the same name which do different things > seems to me a recipe for confusion. They are related in that one is in user space (/usr/bin) and both have the same name. The one in user space authenticates the user then calls the one in admin space (/sbin) (or denies it if authentication fails). > It means that if I type system-config-printer > the effect depends on the definition of $PATH on my system. > True. The normal user, by default has /usr/bin and /bin in their path so it would always get the one in /usr/bin. Root has /sbin and /usr/sbin in the path _before_ /usr/bin so root would always get the one in /sbin instead. Paths can be modified by the user so this premise not always true, but is true for any system running with the default paths (almost all). > To me it is just one more piece of evidence > that whoever wrote this program did not think carefully enough > about what precisely the program is meant to do. > They did think carefully. The present usage handles probably at least 99+% of all cases. Almost all (if not all) of the system-config-XXXXX programs require running with root authority to make the desired/needed changes. The present config ensures that anyone running these programs (with default paths/permissions) has root authority, and makes sure that the program itself does not have to be SUID root. SUID root was the earlier configuration, and is a security risk.