From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev+bounces-83786-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id EB36F1382C5
	for <garchives@archives.gentoo.org>; Thu,  8 Feb 2018 22:33:50 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id B9450E0BE1;
	Thu,  8 Feb 2018 22:33:45 +0000 (UTC)
Received: from mail-pg0-x241.google.com (mail-pg0-x241.google.com [IPv6:2607:f8b0:400e:c05::241])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 487AAE0B1A
	for <gentoo-dev@lists.gentoo.org>; Thu,  8 Feb 2018 22:33:45 +0000 (UTC)
Received: by mail-pg0-x241.google.com with SMTP id a11so2309241pgu.13
        for <gentoo-dev@lists.gentoo.org>; Thu, 08 Feb 2018 14:33:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to;
        bh=9+DjkjL8XbkTC4qQjrJVLt/ulW+2+IGpVioTEpc5nzU=;
        b=eT73DFv0HOjoNQ1BMQbWLUDuQXZK3PLUjfod4mdxn0A+ra5SnKViDg3yZaBP4iIJba
         N/v+yEkDG5QIQ5fk3BW2WYxNf/5zNgQ4V9R02Skqn1B132FS/lrbY7jxCL7cUBuHhExQ
         pvPyZAd9nKN8AtImq34RtN3deZciDg31U9D+3OhlGaMx10tjdiJ8N+jTttrBZ++eOP1w
         NpAuahJl84Y9eJJSDEoJbaKBgEe+WAWLoavc+V4c0B5hwTRKbaRUvGZoTkigCOLvtQon
         jxbOr99ZonKfJdwcKvwlRExGpTnL6MLmrrduYMH15aKP+d8Djhi3/suXIAnmRUy9Elpc
         OQHQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to;
        bh=9+DjkjL8XbkTC4qQjrJVLt/ulW+2+IGpVioTEpc5nzU=;
        b=EdbHT0XMmNjgJ7udQLX8lPEK0qA5O36nnHAUNHCI8LlzHOZ8igDUzoeV4Q0HsJizGs
         vrYRlyG7gNqpIrzwuPMa1TBTYaY/MUKjpy7khFlKO8MPWse6kIEdCuW0Qj/ptQe2QaS4
         42EaxepuU8TN2tDqVbSNAPjC04DxyKCTxL3Bd3d0tGvOHzLOQWCXIOu98i1MGyYJAgaZ
         KRoQ9EeBBFxqyQC1Chlh+98fCImx2H6RcYmwfGShBpen1PS+1r+Fd/Q8NVJI5jzXywHQ
         cGmWnUsLZ+TDGHHTSKDGe05M8FxK7FZzbY6pIcVb7Qg+l/hWmZDk596fvEgQUflIuYgr
         At8A==
X-Gm-Message-State: APf1xPCXIpswfCjKfkdUAMHowsmC8Y8N0GPvtyDs5hd/khJjGeI+Tjei
	vPZkY69YydcSfr1J/ubR06gD261LYupiMz9f5WQiMQ==
X-Google-Smtp-Source: AH8x227g7fz9SW7v28WmCiFIhnRdhk/NbRqySoAmM5xOCFTV09bEnaiMOLOGoqcBOZPC4t+y4ZEsV23LczQbvS6L7zo=
X-Received: by 10.99.114.19 with SMTP id n19mr554105pgc.143.1518129224018;
 Thu, 08 Feb 2018 14:33:44 -0800 (PST)
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
Sender: freemanrich@gmail.com
Received: by 10.100.134.1 with HTTP; Thu, 8 Feb 2018 14:33:43 -0800 (PST)
In-Reply-To: <a9328f5b-90d3-b51d-7112-ddaf0537d174@iee.org>
References: <20180208195256.GA32376@whubbs1.gaikai.biz> <CAJ0EP41frnT7vuGn1yQSQ60FKOT5bcJbigYfc-4j8K9Pb3vewQ@mail.gmail.com>
 <23164.46578.955475.114066@a1i15.kph.uni-mainz.de> <CAJ0EP42sG4w6kYcSuBreV8JL=titcEGQhmh272UEFQC2v+BXHQ@mail.gmail.com>
 <20180208221306.GB359@whubbs1.gaikai.biz> <a9328f5b-90d3-b51d-7112-ddaf0537d174@iee.org>
From: Rich Freeman <rich0@gentoo.org>
Date: Thu, 8 Feb 2018 17:33:43 -0500
X-Google-Sender-Auth: n4vsR8qqI7iuRdYrAdKOlwj5EPk
Message-ID: <CAGfcS_m2Mw_DmON2TJSFQShc9PJ2Hz6DuQz=hAin+rQNRA2o3A@mail.gmail.com>
Subject: Re: [gentoo-dev] newsitem: baselayout 2.5 changes
To: gentoo-dev <gentoo-dev@lists.gentoo.org>
Content-Type: text/plain; charset="UTF-8"
X-Archives-Salt: 5ce6a0ce-4d06-487e-af7a-31ebc89c6a56
X-Archives-Hash: 34941562cf01aa74c7d278465e52d1be

On Thu, Feb 8, 2018 at 5:17 PM, M. J. Everitt <m.j.everitt@iee.org> wrote:
>
>
> On 08/02/18 22:13, William Hubbs wrote:
>> On Thu, Feb 08, 2018 at 03:55:02PM -0500, Mike Gilbert wrote:
>>> However, there are plenty of examples of commands that normal users
>>> may run from sbin. Moving these commands often causes problems for
>>> packages that either hard code absolute paths, or detect paths at
>>> build time. I think it would be less disruptive to add sbin to PATH
>>> than it would be to try and "fix" all the packages that install
>>> commands in the wrong place.
>> There are no reasons to remove the *sbin directories from PATH; I know
>> of no other distros that do this.
>>
>> William
>>
> Pardon my ignorance, but does that mean you are essentially relying on
> file system features/permissions and security settings to enforce
> correct use of system tools?! Or is this just to make sudo/etc commands
> 'more convenient' ?!

If you're depending on binaries not being in the PATH for security,
you're doing it wrong.  If you're depending on filesystem
features/permissions (other than the SUID bit or POSIX capability
settings) for security when it comes to performing privileged
operations, you're also doing it wrong.

There are actually quite a few binaries in /sbin and /usr/sbin which
can be useful for non-root users.  Sure, we could go through there
carefully and move stuff to /bin but honestly doing what everybody
else does and just sticking /sbin in the default path makes more
sense.

If you're typing p<tab> to find a command then adding an extra ~20
commands to the ~850 that are listed on my system isn't going to break
the bank.

-- 
Rich