Find the answer to your Linux question:
Results 1 to 6 of 6
Hello everyone! I have a newbie question: As I understand, /sbin and /usr/sbin are directories that include administrative tools that can only be executed by superuser...the question is, if that's ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jan 2009
    Posts
    16

    Lightbulb Question about /sbin


    Hello everyone!

    I have a newbie question:

    As I understand, /sbin and /usr/sbin are directories that include administrative tools that can only be executed by superuser...the question is, if that's so, why do these directories (and most of the commands in it) have 755 permissions by default, and not 700 for example? I read that there some of these commands have a "second validation" mechanism (like shutdown) to be executed, but what about others like ifconfig or yast, which are also under /sbin and /usr/sbin respectively and can be executed by any user?

    Should these directories be changed to 700 for best practices?

    Thanks in advance

  2. #2
    Administrator jayd512's Avatar
    Join Date
    Feb 2008
    Location
    Kentucky
    Posts
    5,025
    I would advise against changing permissions on system directories such as /sbin.
    Permissions are fine the way they are because most of the time, a /sbin and /usr/sbin aren't in a users executable path.
    Jay

    New users, read this first.
    New Member FAQ
    Registered Linux User #463940
    I do not respond to private messages asking for Linux help. Please keep it on the public boards.

  3. #3
    Just Joined!
    Join Date
    Jan 2009
    Posts
    16
    @jayd512

    But even if it's not in a users environment path, any user could cd /sbin and then ./xx any of those commands because most of them are 755 right?

  4. $spacer_open
    $spacer_close
  5. #4
    Administrator jayd512's Avatar
    Join Date
    Feb 2008
    Location
    Kentucky
    Posts
    5,025
    Not necessarily.
    Take a look at the output of ls -l for those directories.
    As an example, here is mine for the command fdisk:
    Code:
    -rwxr-xr-x. 1 root root 109040 Jul 11 07:35 fdisk
    The underlined section is the owner of the file, and the group that it goes in, respectively.
    Without being in the root group, a user can't do anything with it.
    The 755 permission just gives access to anyone in the root group.
    That's where sudo comes in.
    Jay

    New users, read this first.
    New Member FAQ
    Registered Linux User #463940
    I do not respond to private messages asking for Linux help. Please keep it on the public boards.

  6. #5
    Just Joined!
    Join Date
    Jan 2009
    Posts
    16
    Quote Originally Posted by jayd512 View Post
    Not necessarily.
    Take a look at the output of ls -l for those directories.
    As an example, here is mine for the command fdisk:
    Code:
    -rwxr-xr-x. 1 root root 109040 Jul 11 07:35 fdisk
    The underlined section is the owner of the file, and the group that it goes in, respectively.
    Without being in the root group, a user can't do anything with it.
    The 755 permission just gives access to anyone in the root group.
    That's where sudo comes in.
    Isn't a 755 permission a rwx for owner, rx for group and rx for others? for example:
    ================================================== =================
    punyuser@labqro:/sbin> id
    uid=1000(punyuser) gid=1006(ustest) groups=16(dialout),33(video),1001(la1)

    punyuser@labqro:/sbin> cd /sbin

    punyuser@labqro:/sbin> ls -l ifconfig
    -rwxr-xr-x 1 root root 69360 2008-04-22 01:53 ifconfig

    punyuser@labqro:/sbin> ./ifconfig
    eth0 Link encap:Ethernet xxxxxxxxxxxxxxxxxx

    ================================================== =================

    Or am I missing something? :S?

  7. #6
    Administrator jayd512's Avatar
    Join Date
    Feb 2008
    Location
    Kentucky
    Posts
    5,025
    The short answer is this:
    You can access the command. But a user isn't going to have proper permissions to make any system changes.
    And the commands listed in /sbin are going to change something on the system is used.
    Jay

    New users, read this first.
    New Member FAQ
    Registered Linux User #463940
    I do not respond to private messages asking for Linux help. Please keep it on the public boards.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •