/sbin: System binaries
Purpose: Utilities used for system administration (and other root-only commands)
are stored in /sbin, /usr/sbin, and /usr/local/sbin. /sbin contains binaries essential
for booting, restoring, recovering, and/or repairing the system in addition to the
binaries in /bin. Programs executed after /usr is known to be mounted (when there
are no problems) are generally placed into /usr/sbin. Locally-installed system administration
programs should be placed into /usr/local/sbin.
/sbin下面放这一些系统命令:
系统管理工具一般被保存在目录/sbin, /usr/sbin,/usr/local/sbin/下面;另外一些只有root才可以
执行的命令也放在这些目录下面。/sbin包含(除/bin下面包含的命令之外的)用于引导、回复、修复系
统时所必须的命令。当/usr被挂载之后才可以执行的程序通常放置在/usr/sbin下面,自己安装的系统管
理程序应该放置在/usr/local/sbin下面
requirement: there must be no subdirectories in /sbin. the following commands, are required
in /sbin.
对于目录/sbin的要求,有两点:
1、目录/sbin下面不可以有子目录
2、shutdown\fastboot\fasthalt\fdisk\fsck\fsck.*\getty\halt\ifconfig\init\mkfs\mksf.*\mkswap\
reboot\route\swapon\swapoff\update如果有的话必须放在/sbin下面,当然这些命令的二进制文件的符
号链接存在/sbin下面也是被允许的
[19]Deciding what things go into "sbin" diretories is simple: if a normal (not a system administrator)
user will ever run it directly, then it must be placed in one of the "bin" directories. Ordinary users
should not have to place any of the "sbin" directories in their path. We recommend that users have
read and execute permission for everything in /sbin except, perhaps. The division between /bin and
/sbin was not created for security reasons or to prevent users from seeing the operating system, but
to provide a good partition between binaries that everyone uses and ones that are primarily for
administration tasks. There is no inherent security advantage in making /sbin off-limits for users.
决定把那些命令安装在/sbin下面其实很简单:如果一个普通用户经常需要直接运行这个命令,那么这个命令就应该
放在/bin, /usr/bin, 或者/usr/local/bin下面。普通用户不应该放任何东西在sbin相关的路径下面。bin和sbin目录
的区别在于更好的区分每个人用户都可以使用的命令与那些为管理员工作提供的命令,而不是出于系统安全的理由,更
不是为了阻止用户查看操作系统,这一点还望了解。禁止普通用户访问sbin目录带来的安全提升并不明显。