Author: Laurent Bercot
Date:
To: dng
Subject: Re: [Dng] [dng] vdev status updates
On 05/05/2015 23:03, marcxdv@??? wrote:
> Hello
> No, sorry. Doing chown root:admin && chmod 2750 does not give anybody
> in the admin group (the ones who should be allowed to run it) any
> extra rights - they are already running with admin group privileges
Ah, yes, my mistake. The pattern I was thinking of was 4750 on a
thisuser:mygroup binary, to give members of mygroup the access to a
program running with thisuser rights. It works with setuid, but not
setgid, of course.
If you have a collection of binaries that may be setgid and you
want to restrict their rights to group admin, then yes, putting them
all in a directory that can only be accessed by group admin is the
right thing.
However, is /sbin even used that way? I've never seen that, not in
15 years. But I've never been very curious about the practices of
distributions.
> the thing is that everybody uses a classical unix
> system in a slightly different way - a feature that is considered
> antiquated by some is essential to others, so these structures should
> change slowly and in a backward compatible manner.
Oh, I absolutely agree. Again, I have no intention of fighting against
the existence of /sbin; it's just that if we were to design a directory
structure from scratch today, not much would speak for the creation of
something like /sbin. But legacy is enough of a reason to keep it - it's
not like it's hurting much. :)
> In this regard systemd
> is so irritating since it demolishes so much established code
> to be replaced with something which I think is likely to spald
> and leak in a few years time :)
I don't hate systemd because it goes against conventions. (I like to
challenge conventions, and break them if they don't provide me with
the functionality I need. I try to do it smartly and in a non-obnoxious
way, though.)
I hate systemd because it's a horribly engineered product being forced
down people's throats via propaganda and commercial power. It makes the
open source world look just as hopeless and clueless when it comes to
evaluating software quality as businesses, and that's infuriating.
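
The two permission patterns compared in this message (4750 on thisuser:mygroup versus 2750 on root:admin), worked through as an added example that is not part of the original e-mail. The function name `exec_gains` and the third sample mode (2755) are assumptions made for illustration; the check generalizes to any mode by reporting, for each permission class allowed to execute a file, which identity it gains at exec time.

```python
import stat

def exec_gains(mode, owner, group):
    """Map each permission class that may execute the file to the
    identities it gains at exec time beyond what defines that class.
    Hypothetical helper for auditing; not taken from the thread."""
    suid = bool(mode & stat.S_ISUID)
    # Linux honours setgid on exec only when group-execute is also set.
    sgid = bool(mode & stat.S_ISGID) and bool(mode & stat.S_IXGRP)
    classes = (
        ("owner", stat.S_IXUSR),
        ("group", stat.S_IXGRP),
        ("other", stat.S_IXOTH),
    )
    result = {}
    for name, xbit in classes:
        if not mode & xbit:
            continue  # this class cannot execute the file at all
        gains = []
        # The owner already runs with the owner's uid: setuid adds nothing.
        if suid and name != "owner":
            gains.append("uid:" + owner)
        # Group members already hold the gid: setgid adds nothing for them.
        # (Assumes the owner is not already a member of the group.)
        if sgid and name != "group":
            gains.append("gid:" + group)
        result[name] = gains
    return result

if __name__ == "__main__":
    # Constructed sample modes: the two from the thread plus 2755.
    samples = [
        (0o4750, "thisuser", "mygroup"),
        (0o2750, "root", "admin"),
        (0o2755, "root", "admin"),
    ]
    for mode, o, g in samples:
        print(oct(mode), o + ":" + g, exec_gains(mode, o, g))
```
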