Question about /sbin

**keita_mog** · 08-25-2011

Hello everyone!

I have a newbie question:

As I understand, /sbin and /usr/sbin are directories that include administrative tools that can only be executed by superuser...the question is, if that's so, why do these directories (and most of the commands in it) have 755 permissions by default, and not 700 for example? I read that there some of these commands have a "second validation" mechanism (like shutdown) to be executed, but what about others like ifconfig or yast, which are also under /sbin and /usr/sbin respectively and can be executed by any user?

Should these directories be changed to 700 for best practices?

Thanks in advance

***jayd512*** · 08-25-2011

I would advise against changing permissions on system directories such as /sbin.
Permissions are fine the way they are because most of the time, a /sbin and /usr/sbin aren't in a users executable path.

**keita_mog** · 08-25-2011

@jayd512

But even if it's not in a users environment path, any user could cd /sbin and then ./xx any of those commands because most of them are 755 right?

***jayd512*** · 08-25-2011

Not necessarily.
Take a look at the output of ls -l for those directories.
As an example, here is mine for the command fdisk:

Code:

-rwxr-xr-x. 1 root root 109040 Jul 11 07:35 fdisk

The underlined section is the owner of the file, and the group that it goes in, respectively.
Without being in the root group, a user can't do anything with it.
The 755 permission just gives access to anyone in the root group.
That's where sudo comes in.

**keita_mog** · 08-26-2011

Originally Posted by jayd512

Not necessarily.
Take a look at the output of ls -l for those directories.
As an example, here is mine for the command fdisk:

Code:

-rwxr-xr-x. 1 root root 109040 Jul 11 07:35 fdisk

The underlined section is the owner of the file, and the group that it goes in, respectively.
Without being in the root group, a user can't do anything with it.
The 755 permission just gives access to anyone in the root group.
That's where sudo comes in.

Isn't a 755 permission a rwx for owner, rx for group and rx for others? for example:
================================================== =================
punyuser@labqro:/sbin> id
uid=1000(punyuser) gid=1006(ustest) groups=16(dialout),33(video),1001(la1)

punyuser@labqro:/sbin> cd /sbin

punyuser@labqro:/sbin> ls -l ifconfig
-rwxr-xr-x 1 root root 69360 2008-04-22 01:53 ifconfig

punyuser@labqro:/sbin> ./ifconfig
eth0 Link encap:Ethernet xxxxxxxxxxxxxxxxxx

================================================== =================

Or am I missing something? :S?

***jayd512*** · 08-26-2011

The short answer is this:
You can access the command. But a user isn't going to have proper permissions to make any system changes.
And the commands listed in /sbin are going to change something on the system is used.

Thread Tools

Display

Question about /sbin

Posting Permissions