UsrMove feature (was Re: FESCo meeting minutes for 2011-10-24)

Ralf Corsepius rc040203 at
Wed Oct 26 13:58:34 UTC 2011

On 10/26/2011 03:40 PM, Harald Hoyer wrote:
> On 10/24/2011 08:05 PM, Chris Adams wrote:
>>> ===================================
>>> #fedora-meeting: FESCO (2011-10-24)
>>> ===================================
>>>     * Discussion about
>>>       (t8m, 17:26:45)
> Sometimes you have to clean up your room and tidy up the mess, which
> piled up over time. This cleanup can be done on one day and checked in
> by one person. It's not rocket science! It does not break anything,
> because the compat symlinks will _not_ go away.
> About "sbin": How exactly does "hiding" stuff prevent users, who open a
> _shell_, to use those tools? They cannot do any bad stuff with it anyway.
Think about the tradional difference "su" between "su -" and think about 
bugs in these tools.

A user who doesn't have "sbin" in $PATH isn't exposed to the risks these 
tools might bear.

It's not a means to protect users against malicious intruders, 
comparable to "flaps on switches in real life", it's a mild means to 
protect users against accidents they themselves might expose themselves.

> With the compat symlinks, you even have no path problems anymore with
> any alien scripts you run. All tools are reachable through any standard
> path.

== molesting all users.
== exposing all users.

== equivalent to the adding "sbin" to $PATH mistake ... just different, 
no improvment.

More information about the devel mailing list