httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J. Greenlees" <>
Subject Re: [users@httpd] useradd
Date Mon, 20 Jan 2003 01:22:32 GMT
Zac Stevens wrote:
> On Sun, Jan 19, 2003 at 05:49:53PM -0600, Gary Turner wrote:
>>M A wrote:
>>>i already did add */sbin to my PATH..why is it bad karma?
>>Since there is *no* reason to have the path to sbin in user land (after
>>all, user can't {shouldn't} run anything there), it only promotes bad
>>habits.  Consider that you don't want just anyone to have access to your
>>cgi directories or httpd.conf, since there is the possibility of system
>>damage---even more so with the OS.  You don't want users to have any
>>access to system commands and files.
> I disagree - I do as little as possible as the root user, preferring to use
> sudo and similar tools.  Leaving out the sbin paths becomes a major PITA,
> very quickly.
> Putting */sbin into PATH does not grant any special access, and removing 
> it does nothing to prevent users from having access to the utilities 
> therein - they'd just need to specify the full path!  Finally, users have 
> full control over their own PATH - anyone can add whatever they want to 
> it.  The exception here is the environment you provide to running 
> daemons - cron, httpd, etc - but I don't believe that is what the OP was
> talking about.
> I'd still love to hear opinions on what damage - or potential damage - is
> caused by adding */sbin to PATH, because frankly this is the first time 
> I've seen anyone suggest that it's inherently dangerous.
> Cheers,
> Zac

only danger is in unauthorised root access, either by hacker or a legit 
user getting root access by error.
the more difficult getting the command to run ( like having to type 
entire path ) the less damage can be done accidently.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message