Feature changed by: Jan Engelhardt (jengelh) Feature #310311, revision 10 Title: Unify default PATH openSUSE-11.4: Unconfirmed Priority Requester: Important Requested by: Ludwig Nussel (lnussel) Description: The default PATH settings for root and normal users are inconsistent at various places in the distribution: glibc - /usr/include/paths.h: #define _PATH_DEFPATH "/usr/bin:/bin" #define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" coreutils - /etc/default/su: PATH=/usr/local/bin:/bin:/usr/bin SUPATH=/usr/sbin:/bin:/usr/bin:/sbin coreutils - /bin/su: #define DEFAULT_LOGIN_PATH "/usr/local/bin:/bin:/usr/bin: /usr/X11R6/bin" #define DEFAULT_ROOT_LOGIN_PATH "/usr/sbin:/bin:/usr/bin:/sbin:/usr/X11R6/bin" pwdutils - /etc/login.defs: ENV_PATH /usr/local/bin:/usr/bin:/bin ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin aaa_base - /etc/profile and /etc/csh.login PATH=/usr/local/bin:/usr/bin:/bin PATH=/sbin:/usr/sbin:/usr/local/sbin:$PATH sudo: --with-secure-path=/usr/sbin:/bin:/usr/bin:/sbin:/usr/X11R6/bin ... and probably many more ... The default PATH setting should be made consistent across all tools. Discussion: #1: Jan Engelhardt (jengelh) (2010-08-15 19:16:36) Certainly. Many administrator-level tools (that are in sbin) are also executable and meaningful to a user - like /sbin/ip. The two groups should have the same base PATH. #2: Jan Matejek (matejcik) (2010-08-23 19:21:55) (reply to #1) most administrator-level tools that are meaningful to users are already symlinked to 'bin' - my guess is that if there is a tool that is not symlinked, that is a bug of the current solution, not a conceptual problem #3: Georg Müller (georgmueller) (2010-08-24 18:30:39) (reply to #1) modinfo and tcpdump (e.g. use it to read from a file) are just two of them. I could search for more of them... #4: Juergen Weigert (jnweiger) (2010-08-25 16:26:13) How about looking at the opposite list: Are there any admin-level tools that must not (or should not) be in a user's PATH? + #5: Jan Engelhardt (jengelh) (2010-08-31 02:56:03) (reply to #4) + Well it seems like a good idea that users do not have their time wasted + in tab completion by tools they can definitely not be used as an + unprivileged user, or tools where it does not make sense (like + /sbin/init). I also think that tools that are normally not run as a + user (sshd, apache) should remain in sbin, even if they can be + configured, tricked and abused to run on an unprivileged + configuration. -- openSUSE Feature: https://features.opensuse.org/310311