[krbdev.mit.edu #6348] kadmin and ktutil installed in sbin, should be bin
Russ Allbery <rra@stanford.edu> via RT
rt-comment at krbdev.mit.edu
Fri Jan 23 21:03:25 EST 2009
This is Debian bug http://bugs.debian.org/477296
kadmin and ktutil are installed into ADMIN_BINDIR, which generally means
sbin. However, sbin is normally intended for binaries that only make
sense to be run by the local system administrator as root. The separate
directory is used mainly to avoid putting those binaries on the user's
path when they can't do anything useful with them. See, for instance:
http://www.pathname.com/fhs/pub/fhs-2.3.html#SBINSYSTEMBINARIES
Neither kadmin nor ktutil require root privileges on the local system.
kadmin may require administrative access to a Kerberos realm, but that's
not the same case as the /sbin vs. /bin distinction; the user on the
local system running kadmin is generally a normal user. Plus, both
binaries are used for manipulating non-system files; kadmin ktremove
requires no special access to any network service and is a reasonable
thing for an application administrator to do from a non-privileged account.
I'd like to move them to /usr/bin in the Debian package, but I don't
really want to diverge from the MIT distribution. I think both should
be moved to the regular /bin directory by the MIT install process as well.
More information about the krb5-bugs
mailing list