httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zac Stevens <...@cryptocracy.com>
Subject Re: [users@httpd] useradd
Date Mon, 20 Jan 2003 00:23:20 GMT
On Sun, Jan 19, 2003 at 05:49:53PM -0600, Gary Turner wrote:
> M A wrote:
> >i already did add */sbin to my PATH..why is it bad karma?
> 
> Since there is *no* reason to have the path to sbin in user land (after
> all, user can't {shouldn't} run anything there), it only promotes bad
> habits.  Consider that you don't want just anyone to have access to your
> cgi directories or httpd.conf, since there is the possibility of system
> damage---even more so with the OS.  You don't want users to have any
> access to system commands and files.

I disagree - I do as little as possible as the root user, preferring to use
sudo and similar tools.  Leaving out the sbin paths becomes a major PITA,
very quickly.

Putting */sbin into PATH does not grant any special access, and removing 
it does nothing to prevent users from having access to the utilities 
therein - they'd just need to specify the full path!  Finally, users have 
full control over their own PATH - anyone can add whatever they want to 
it.  The exception here is the environment you provide to running 
daemons - cron, httpd, etc - but I don't believe that is what the OP was
talking about.

I'd still love to hear opinions on what damage - or potential damage - is
caused by adding */sbin to PATH, because frankly this is the first time 
I've seen anyone suggest that it's inherently dangerous.

Cheers,


Zac

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message