On Mon, Dec 02, 2024 at 09:38:28AM +0800, kindusmith wrote:

1. First, root and ordinary users will not be able to use commands in each other's directories, which will greatly increase their security

(typical level of argumentation)

--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmdNT2wtFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh aY4P+waX/e4WWqARalNGQ/wf+O9Qfl/Bw7t4cjKuh1cWNvKysCEIU+5GeThWeKBX JjN00SHwmDbU77rrBNO5nfIYPVkFKWnr/zpjzPIHyexK1JZqavOVHjh7mEXDMyx+ ETn6ODBfyQ4l9qqqVwIh0+UdnDfov3pb/aGuwXvNNJGg4ms0yXhmZe63MWqNNTom eF7jeH8pyASFJdgnfMdEE/uFV/UXW8rYSdtAwyaVAsGpwGKCGe/K0Fzs3X/Uksp/ 9Bhghg7S1lpwKqenNmCFmqrRTF6mDyYuf6CgvX8RKUSiG4s/muvb8kDj+iLLxfX5 /LqovnOZ5v+virK6MzP+Ijf7qPhOZifoX97YTIQpGTubrX/3mACYrp4KC2KUTfj8 Hnsyw1wcGu/Uw+quLIVYh3khJeEMbqJ7+g2m3UuojY3VZ4fzz5nzmTSyJy8nDSMg zE9lIBWVjbnXlftlioYeX//Mm5beavOFInsoD5r3rpftyVL6ePwzAN6rzde6MvmP DBhQlPdx4EFWwIq9FNWxNFzXGI2PjBK1fM+T5kK0S/ziCDEaK3Hdv6fcsHyXHp96 X6GbWUlG1yFrFndJXksBlAQ4UXdNszdhDePTeN0jFRsRif7JPwbB23xBakhKirEP E1eyC4+v3LSoOZr5d+Pyjr3TC1IUmkrhh2UyQVdT75J3yqzf
=9UJQ
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon Dec 2, 2024 at 1:38 AM GMT, kindusmith wrote:

1. First, root and ordinary users will not be able to use commands in
each other's directories, which will greatly increase their security

This is not correct. Whether any of /usr/bin,/usr/sbin,/bin or /sbin
share a partition or not has no relationship to whether a user can
invoke a command, or whether that path is searched for unqualified
command names (determined by $PATH).

2. If /usr is partitioned separately instead of a unified / partition, ordinary users can also use commands in /usr/bin, which increases convenience

This is also incorrect for the same reasons as explained above.

--
Please do not CC me for listmail.

👱🏻 Jonathan Dowland
✎ jmtd@debian.org
🔗 https://jmtd.net

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi,

On 12/2/24 18:39, Jonathan Dowland wrote:

This is not correct. Whether any of /usr/bin,/usr/sbin,/bin or /sbin
share a partition or not has no relationship to whether a user can
invoke a command, or whether that path is searched for unqualified
command names (determined by $PATH).

FWIW, I do think that even with user namespaces weakening the
distinction between admin and non-admin users, having things you
normally need root privileges for not take part in tab completion is
still useful to people who use text terminals.

I understand that in the shiny future there are only services that
should be started by making an RPC call to a supervisory daemon (so not
even root should have them in the path), and tools to make RPC calls
(that are potentially useful to any user), but that shiny future has not arrived yet, and in the meantime, all it does is annoy console users.

Simon

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

* Simon Richter <sjr@debian.org> [241202 12:20]:

Hi,

On 12/2/24 18:39, Jonathan Dowland wrote:

This is not correct. Whether any of /usr/bin,/usr/sbin,/bin or /sbin
share a partition or not has no relationship to whether a user can
invoke a command, or whether that path is searched for unqualified
command names (determined by $PATH).

FWIW, I do think that even with user namespaces weakening the distinction between admin and non-admin users, having things you normally need root privileges for not take part in tab completion is still useful to people who use text terminals.

I understand that in the shiny future there are only services that should be started by making an RPC call to a supervisory daemon (so not even root should have them in the path), and tools to make RPC calls (that are potentially useful to any user), but that shiny future has not arrived yet, and in the meantime, all it does is annoy console users.

In the meantime I've added /usr/sbin to my PATH, so I get working
tab completion in my terminals for my daily work.

Good luck,
Chris

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2 Dec 2024, at 09:10, Andrey Rakhmatullin <wrar@debian.org> wrote:

On Mon, Dec 02, 2024 at 09:38:28AM +0800, kindusmith wrote:

1. First, root and ordinary users will not be able to use commands in each >> other's directories, which will greatly increase their security

(typical level of argumentation)

The ability to isolate users from commands that they can’t use anyway is a nice touch, but the kernel and the utilities should handle the first line, IMHO.

I also personally prefer /bin and /sbin separate, and like to have a /usr/local for self-compiled stuff to keep tidy, but that’s not a hill I’d prefer (or have the time) to die on.

Cheers,

H.

--
WBR, wRAR

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Dec 02, 2024 at 12:30:52PM +0300, Hakan Bayındır wrote:

1. First, root and ordinary users will not be able to use commands in each >> other's directories, which will greatly increase their security

(typical level of argumentation)

The ability to isolate users from commands that they can’t use anyway is a nice touch, but the kernel and the utilities should handle the first line, IMHO.

My point is that it makes no sense, as unfortunately is typical for these
kinds of complaints.


--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmdNpk8tFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh /Q0P/3lTkqYXCw4CjpRPb5NnGzImItBaXm+pzfCovuztV8eZKW1cIKrSmUxeVPN1 5iuXBVT6rDs3LBqWcUrcBuH+oxGWMkosYXVWePqPYUzIKfeOg+hrLpFOC5qLB3nx gNnzdpnf+ORqq9BKx0yDUEgKjxQoOPHk07PdQhHQ9KeNmGlq0mZFuOJqnKxGSvc9 NHr64bossXPZvgFovPcMPhv73hYwA1L0kirV5yHo93G8bOV6Lh0FwPOGrrtM7Mho 0sgKj4wrhNos7ce6uy71mNP7Q0ClRkSZ4Hsn9Tx2HkIGsZWcCJGwQ9Y/ZJm/f/9F CLiqnwSy6jlHzF2GkTUbDeRPwiGk6oUirkl1lU1SjU716z8BlymdcVsYQALJClPj B8O3mLBkyZoa5EXRAhbqtfaAnB65CEv8sbJkeDwXiZstsG660TLyi8PVR339550k kc2UasjMmX66g1tZTJl/xrpU5FAMlv0T0WBTA0PblQ1B1lIkwEu8kpTy3wxtWN/r QEeG8FDu/QCNqDYdkNmh2I52GFoSe94eLEhsFqSjNsZYqD7wNiYKRoc7a71qOw8z eO38sF/FTvS1L0iWhJZn1Cq9F3l6RijU1t567lF/3ORe3RbZPvkLyqxRc6eoxUMe UKboBg3K7spbzruhJKn+kpTXfELFHmBpr5JwZ4G7AHoR0GMK
=aEfd
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Dec 2, 2024, 11:20 Simon Richter <sjr@debian.org> wrote:

Hi,

On 12/2/24 18:39, Jonathan Dowland wrote:

This is not correct. Whether any of /usr/bin,/usr/sbin,/bin or /sbin
share a partition or not has no relationship to whether a user can
invoke a command, or whether that path is searched for unqualified
command names (determined by $PATH).

FWIW, I do think that even with user namespaces weakening the
distinction between admin and non-admin users, having things you
normally need root privileges for not take part in tab completion is
still useful to people who use text terminals.

This is not and never was the purpose of /sbin and /usr/sbin. It was a bit
of mistaken confusion when someone at redhat first thought of removing them from users' PATH and represented a kind of lost memory of the history of
this distinction.

/sbin and /usr/sbin were always in everyone's path and should be. There are essential programs that are useful to every user in there. It's incredibly annoying when coming across systems that get this wrong.

The purpose of /sbin and /usr/sbin was to have statically linked essential programs needed to bring up the network, mount filesystems, and do basic
admin work in case your large storage device which might require those
tools to mount or repair. This is a necessary feature to achieve a lot of
other things like shared /usr volumes and dumb terminals with minimal
storage.

Everything old is new again and dumb terminals with no local storage are
now called cattle servers or netbooks and achieve this in different ways. Saving storage is hardly a priority when cheap laptops have terabytes of storage and being able to manually administer a server when it's off the network isn't how things are done these days. So shared mounted /usr and a minimal /sbin isn't seen as very useful.

Personally I don't understand wanting to burn down something useful that
could be useful in the future even if it's currently unfashionable. These
kinds of things have a way of coming back.

But it's absolutely not about user paths or security benefits. (Though
shared mounted /usr actually did have some security benefits). It's about breaking the dependency cycles and being able to start up the system
workout requiring the entire world to be there already.

<div dir="auto"><div><br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Dec 2, 2024, 11:20 Simon Richter &lt;<a href="mailto:sjr@debian.org">sjr@debian.org</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px
0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br>

On 12/2/24 18:39, Jonathan Dowland wrote:<br>

&gt; This is not correct. Whether any of /usr/bin,/usr/sbin,/bin or /sbin<br> &gt; share a partition or not has no relationship to whether a user can <br> &gt; invoke a command, or whether that path is searched for unqualified <br> &gt; command names (determined by $PATH).<br>

FWIW, I do think that even with user namespaces weakening the <br>
distinction between admin and non-admin users, having things you <br>
normally need root privileges for not take part in tab completion is <br>
still useful to people who use text terminals.<br></blockquote></div></div><div dir="auto"><br></div><div dir="auto">This is not and never was the purpose of /sbin and /usr/sbin. It was a bit of mistaken confusion when someone at redhat first thought of
removing them from users&#39; PATH and represented a kind of lost memory of the history of this distinction. </div><div dir="auto"><br></div><div dir="auto">/sbin and /usr/sbin were always in everyone&#39;s path and should be. There are essential
programs that are useful to every user in there. It&#39;s incredibly annoying when coming across systems that get this wrong.</div><div dir="auto"><br></div><div dir="auto">The purpose of /sbin and /usr/sbin was to have statically linked essential
programs needed to bring up the network, mount filesystems, and do basic admin work in case your large storage device which might require those tools to mount or repair. This is a necessary feature to achieve a lot of other things like shared /usr
volumes and dumb terminals with minimal storage. </div><div dir="auto"><br></div><div dir="auto">Everything old is new again and dumb terminals with no local storage are now called cattle servers or netbooks and achieve this in different ways. Saving
storage is hardly a priority when cheap laptops have terabytes of storage and being able to manually administer a server when it&#39;s off the network isn&#39;t how things are done these days. So shared mounted /usr and a minimal /sbin isn&#39;t seen as
very useful.</div><div dir="auto"><br></div><div dir="auto">Personally I don&#39;t understand wanting to burn down something useful that could be useful in the future even if it&#39;s currently unfashionable. These kinds of things have a way of coming
back.</div><div dir="auto"><br></div><div dir="auto">But it&#39;s absolutely not about user paths or security benefits. (Though shared mounted /usr actually did have some security benefits). It&#39;s about breaking the dependency cycles and being able to
start up the system workout requiring the entire world to be there already.</div><div dir="auto"><br></div><div dir="auto"><br></div></div>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi all,

while we are at it maybe we could also phase out /usr/games? Each time
I think that making a container image with cowsay for teaching purposes
is a good idea, I fail miserably because I forget that /usr/games is not
in the container path by default…

Have a nice day,

Charles

--
Charles Plessy Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team http://www.debian.org/devel/debian-med Tooting from work, https://fediscience.org/@charles_plessy Tooting from home, https://framapiaf.org/@charles_plessy

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Dec 02, 2024 at 11:50:17AM +0000, Greg Stark wrote:

This is not correct. Whether any of /usr/bin,/usr/sbin,/bin or /sbin share a partition or not has no relationship to whether a user can
invoke a command, or whether that path is searched for unqualified command names (determined by $PATH).

FWIW, I do think that even with user namespaces weakening the
distinction between admin and non-admin users, having things you
normally need root privileges for not take part in tab completion is
still useful to people who use text terminals.

This is not and never was the purpose of /sbin and /usr/sbin. It was a bit
of mistaken confusion when someone at redhat first thought of removing them from users' PATH and represented a kind of lost memory of the history of
this distinction.

/sbin and /usr/sbin were always in everyone's path and should be. There are essential programs that are useful to every user in there. It's incredibly annoying when coming across systems that get this wrong.

The purpose of /sbin and /usr/sbin was to have statically linked essential programs needed to bring up the network, mount filesystems, and do basic admin work in case your large storage device which might require those
tools to mount or repair. This is a necessary feature to achieve a lot of other things like shared /usr volumes and dumb terminals with minimal storage.

Just like /usr is no longer used for user homes, /sbin and especially
/usr/sbin is no longer for what you said, so it's not a feature that
people recently decided to throw out, it's something one would already
need to create from scratch if they wanted it.

But it's absolutely not about user paths or security benefits. (Though
shared mounted /usr actually did have some security benefits). It's about breaking the dependency cycles and being able to start up the system
workout requiring the entire world to be there already.

(we use a different solution for this problem nowadays)

--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmdNq+EtFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh gd0P/jzpowaWcuDevz0GHadyueU8hKApNiSe63jHz62NeVqPM/AvUwPbC2mQFwee AxTl8y7GQ5rObbOIiMlqUz1k+Ishotm54byBUclnc2La+qWnXXM54Ofp0tgzQY4b FVfzY/St/IvjWfG6DKzlPZo0qDBF+rCskvxLHWmZFILPQudMRzjPJn6G7Y4LmGTl L1Nensby0koBZl63hV82yIbN10nlf4HfjUxc9Kafjqu1eztqumWIseZfx9Vr7QNF n/Bl4nBBIDldNO8iyMkPijigxahKIvuOAUse7CBPWvQ/CJIHZqDzJPrOECGazxZt PL9zCLop01k4DUBSsRz20rXUIqfChBg+lDJCiCXwgRdu2AqTRJXZvT8bNy01Z5jx R3WggDwkgYqUThnjA1JRRuzoCOhqk+RR0rstAEfA9gbqInNRiHONhxE2lgghtBCD TIsy2NmRpCiMVbAQXm3ac9fGLodogrBoefLcLX5+CbqRJIhrIavNm6m3MN9+0Zwo AM1A3EBTuzAUurhO+3/Lhh1s30YlvoqivnJ8Zzc/Oofw08aZTF+jxcbXMC/CdyUL 0wMCtPr76nSgrAVQ/a0SZR5lM5+w/Lo+tZUITnZnYidcYqytzqszuSBEearhltt/ v7aSNZGW7E/87itL6YeqKHmSU3u9kjvnuAnLjAvidIEH0DO8
=IXAJ
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Dec 02, 2024 at 06:46:52AM -0600, rhys wrote:

1. First, root and ordinary users will not be able to use commands in each
other's directories, which will greatly increase their security

(typical level of argumentation)

[...]

It's quite simple, and has nothing to do with security.

You've missed the context, even though you've kept it in your quotes.

I have not. There are muiltiple issues being discussed in this thread, not just the one you mentioned in your message.

Security has nothing to do with it. No user who is a security threat will be thwarted by an inability to specify /sbin manually (or update $PATH).

Read the original email.

I did.

Perhaps you don't understand that sometimes a person can see more than one side of an argument at a time.

I suggest that you read MY e-mail more thoroughly - along with other messages from this same thread - and quote what I said if you want anyone to know what you're talking about.

--J

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Dec 02, 2024 at 06:46:52AM -0600, rhys wrote:

1. First, root and ordinary users will not be able to use commands in each
other's directories, which will greatly increase their security

(typical level of argumentation)

[...]

It's quite simple, and has nothing to do with security.

You've missed the context, even though you've kept it in your quotes.

Security has nothing to do with it. No user who is a security threat will be thwarted by an inability to specify /sbin manually (or update $PATH).

Read the original email.

--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmdNsEUtFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh OjMP+QGnkJBa6AIHrHwWwUQ/DAeOFbAq4c0nLityaUpWqr+iA92HLYlP8NH7F9qb 5iWOG3Y+sIglmGLGpjFIubDfZ4XyCYjB2YPB8iMQVKGd9QrQliv/iw1q88vcFHa8 1FTzqcOTaqnbRcAjVz+RvFD5Ma66hPBV4jzz9waV2zBI3ZtFnnXiqPi8cvsWi9c1 N/V6SPzdWz8p8+tzulyrM2rR+kRGvJCP49H/O2/JFomIwdXPPwZHtXgvnEK6QM7j dmxG2/FZfLLwpu4maHYG/r4TYTtyT3ersL97THLVgpz3m2yneFxpNfPbUKDrSknk KZTS2u9wSdoyLnYi4Kcj0tabwlrEEF0EpvKHPwgIKiBK+dVwCmhd6RwwbKU5YvC2 W/KgLDQ8PqSitCQ/hOwgdVqiZl4fVF5f6wRYTLuDocK3UnEri10cbur/x/pO3zSd aag+cLkVyH9nsYW4/M5MngdOZZGpTHsoFzrH+Pu8/0IOcaFxVOvaagotPr0U9ER4 02xAvUvNS5YeYPbUFP6fKfNYwM0bbYfIno3OLv6UNGH7nljSDp1PL0BDOXGat4qV ptRSGZ/91ZQXzw1sYKVX1LtUVvCxoow0T0MDTlVzgkP848/lJRZnPVJSiUpsVVhs PnaBAlWV98ieiKJfqETE8nHE/g565x75LDPss6Jg28HQdZX1
=BfK0
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Dec 02, 2024 at 12:30:52PM +0300, Hakan Bayındır wrote:

1. First, root and ordinary users will not be able to use commands in each >>>> other's directories, which will greatly increase their security

(typical level of argumentation)

The ability to isolate users from commands that they can’t use anyway is a nice touch, but the kernel and the utilities should handle the first line, IMHO.

My point is that it makes no sense, as unfortunately is typical for these kinds of complaints.

It does make sense, even if your extremely short replies indicate that you don't want to see it.

It's quite simple, and has nothing to do with security.

Tab-completion becomes less and less useful as the number of items in the PATH grows.

Keeping "admin" vs. "non-admin" things out of the PATH is really the one "clean" break you can have to improve the performance of tab-completion without hobbling the system. (It doens't help root, but root needs to go carefully anyway and shouldn't be a
daily occurence.)


If that's not something of value to you, then it "won't make sense"... from your perspective.


Security has nothing to do with it. No user who is a security threat will be thwarted by an inability to specify /sbin manually (or update $PATH).

--J

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le Sun, Dec 01, 2024 at 08:40:15PM -0600, G. Branden Robinson a Θcrit :

https://css.csail.mit.edu/6.824/2014/papers/plan9.pdf

Of course, these advantages have become impossible now with the
merging of directories

No. Not impossible. One simply has to overcome inertia and the
nostalgia that many leading lights in the Linux community have for 1980s
Unix systems.

As I understand it, the division of root and /usr file systems
originates in the capacity limits of disk packs for the DEC PDP-11 and
VAX-11 series of computers. It's of a piece with the 640kB RAM limit afflicting the IBM PC architecture.

In other words, nonsense that should be discarded with great force at
the first opporunity, which arrived decades ago.

You could say the same about any single feature of UNIX remaining in
Debian...

Cheers,
--
Bill. <ballombe@debian.org>

Imagine a large red swirl here.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)