[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: move kadmin from sbin to bin



On Sat, Jan 07, 2006 at 08:03:31PM +1100, Brian May wrote:

> <URL:http://bugs.debian.org/168170> for the quote (and link) to the
> FHS and the interpretation that kadmin in a "service administration
> programs" rather then a "system administration programs".
> 
> Another user also claims they never run kadmin as root.

The FHS nowhere says that the "system administrator" has to be logged in
as root to use the utilities in /usr/sbin.

The FHS wording is vague enough that it cannot be used to justify a
decision one way or the other. A better definition would be "if I need
special privileges to utilize the main features of the program, then it
should go to /usr/sbin". And since you _do_ need special privileges to
use kadmin, that means kadmin should stay in /usr/sbin. If any user
would be able to at least add new Kerberos principals, then I'd vote for
/usr/bin (and would stop using Kerberos :-)

If kadmin is moved to /usr/bin, then adduser, groupdel, usermod etc.
should also move to /usr/bin with the very same reasoning, since they
implement similar features just using a different database (and
"requires running as root" vs. "requires special Kerberos ACL settings"
is not enough reason to differentiate).

Gabor

-- 
     ---------------------------------------------------------
     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences
     ---------------------------------------------------------