UsrMove feature (was Re: FESCo meeting minutes for 2011-10-24)

Tomas Mraz tmraz at redhat.com
Tue Oct 25 07:22:27 UTC 2011


On Tue, 2011-10-25 at 09:06 +0200, Ralf Corsepius wrote: 
> On 10/25/2011 09:02 AM, Harald Hoyer wrote:
> > On 10/24/2011 08:05 PM, Chris Adams wrote:
> >>> ===================================
> >>> #fedora-meeting: FESCO (2011-10-24)
> >>> ===================================
> >>>     * Discussion about https://fedoraproject.org/wiki/Features/UsrMove
> >>>       (t8m, 17:26:45)
> >>
> >> This sounds interesting (speaking as an admin that typically sets up
> >> servers with separate, ro-mounted, /usr).  I'm not sure about moving
> >> _everything_ to /usr, but I guess that's one approach.  Other Unix
> >> systems I've used have had /bin as a symlink to /usr/bin, but not /sbin
> >> (still kept core system maintenance tools in /sbin on root fs).  I'm
> >> also not sold on eliminating sbin directories (I like having "system
> >> admin" type stuff kept separate), and I don't see why that needs to be
> >> rolled into the same feature (especially as just a footnote, not a
> >> top-line change).
> >
> > What does it gain to have /sbin and /usr/sbin?
> Not molest ordinary users with tools they are not supposed to use.
+1

> > Security through
> > obscurity?
> Right, yes.
Not by any means. Except if we made the whole /usr/sbin unreadable to
regular non-root users. I do not think anyone sensible says that the split of
sbin and bin is done due to security. However this is not a problem. The
split is useful for giving regular users only such tools in their
$PATH that make sense to be used by regular users and not to confuse
them with tools that they do not and cannot have any use for.

> 
> > We already have it in $PATH for the normal user.
> Right, Fedora made the mistake to do so.
Exactly. This was not a good move at all. If there were any commands in
sbin that are usable also for regular users then they should have been
moved to bin.

Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb


