Originally posted by mickyg
My question is should a normal user be able to execute something in an sbin folder? And if so, what's the point of having the sbin folder??
Doesn't this pretty much make the need to su redundant? Allowing a normal user to do this seems to be a security issue to me.
If a user wants to run a file located in /sbin, he just has to get the source file and compile it in his directory. Or he can bring it from a usbstick or even download the binary directly to a directory he has access, so locking the sbin doesnt change a lot.
There are different levels of security:
If he wants to run /sbin/ifconfig, it will be ok. There is no real sensitive info here and he can also get it from /proc (on some distros)
Some files in /sbin don't have the x bit , so he will not manage. He will if he download the binary.
Some files in /sbin checks at the beginning if the user is root , so he won't manage, he can change the source and recompile.
For commands accessing sensitive resource, then the user needs access to this resource (/dev,/proc..)
When you su, you become superuser then you have access to these ressource,...
/sbin has superuser utilities , vital for the boot process.