[PLUG] sudoers still not working

Jeme A Brelin jeme at brelin.net
Sat Nov 29 13:50:02 UTC 2003


On Sat, 29 Nov 2003, Anthony Schlemmer wrote:
> Wouldn't you want /usr/local/bin before /usr/bin, etc?

I can see a school of thought (I'm not saying it exists) that would treat
/usr/local as the repository for custom versions of things that might
conflict with a shared /usr/bin or /bin, but I've never seen such a thing.

Usually, I've seen /usr/local used as a shared space for local executables
built by admin and non-admin staff for use in that environment.  That
meant, in these cases, that /usr/local was WRITABLE BY NON-ADMINS (usually
the staff group).  This opens you up to all kinds of trojans and
unintentional conflicts.

If /usr/local/bin precedes ANYTHING in your path, you should constantly
check to see if anything there has the same name as something from your
essential operating system packages (/sbin and /bin for sure, but probably
also /usr/sbin and /usr/bin).

Those are my bits.
J.
-- 
   -----------------
     Jeme A Brelin
    jeme at brelin.net
   -----------------
 [cc] counter-copyright
 http://www.openlaw.org




More information about the PLUG mailing list