On Sun, May 03, 2015 at 06:37:06PM +0200, Joerg Reisenweber wrote:
> On Sun 03 May 2015 11:15:45 Laurent Bercot wrote:
> > I remember 10ish years ago, mount was actually /sbin/mount.
> > It migrated to /bin at some point, probably, as you say, when the
> > "user" mount option was added. I personally think that moving
> > executables between places is a bad thing, and one of the reasons
> > why I'm not a fan of /sbin.
>
> Easy!
> in your dream distro you have no directory tree at all and place *all*
> files into root ;-) Never again you have to move a file to the place
> it belongs to (just kidding). Unless you follow that radical approach,
> any sort of meta info no matter which type attached to an item will
> eventually need update when the semantics of the item changes.

Strawman! (I suppose that you jest.)

This *has* been done before, on a certain *very* minimalist
system that was vaguely and indirectly inspired by *nix.
You just had to make sure that you had the correct "root" filesystem
in the floppy drive.
QDOS/PC-DOS/MS-DOS 1.x is the system referred to.


Now, regarding Laurent's argument that containers obsolete the concept
of some utilities being useless for users:
One of the major uses for containers is to isolate potentially vulnerable
programs from the rest of the system.
Now, suppose one has a possibly vulnerable webserver in a container with
its own network configuration.
Suppose that someone gets a shell (as whatever user the webserver is
running as); would denying them the ability to modify network state be
useful?

This doesn't establish that /sbin is useful, but the concept of having
a limited set of users be able to utilize a program is likely to remain
relevant even with containers, unless you can set them up so that all
administration takes place externally.

A possible use for /sbin on a non-containerized system is to bind-mount
an empty directory over /sbin/ in a private mount namespace for all
non-administrative users.


Thanks,
Isaac Dunham