Utilities used for system administration (and other root-only
commands) are stored in /sbin,
/usr/sbin, and
/usr/local/sbin. /sbin
contains binaries essential for booting, restoring, recovering, and/or
repairing the system in addition to the binaries in
/bin.
[18]
Programs executed after
/usr is known to be mounted (when there are no
problems) are generally placed into /usr/sbin.
Locally-installed system administration programs should be placed into
/usr/local/sbin.
[19]
There must be no subdirectories in /sbin.
The following commands, or symbolic links to commands, are
required in /sbin:
| Command | Description |
|---|---|
| shutdown | Command to bring the system down. |
The following files, or symbolic links to files, must be in
/sbin if the corresponding subsystem is
installed:
| Command | Description |
|---|---|
fastboot | Reboot the system without checking the disks (optional) |
fasthalt | Stop the system without checking the disks (optional) |
fdisk | Partition table manipulator (optional) |
fsck | File system check and repair utility (optional) |
fsck.* | File system check and repair utility for a specific filesystem (optional) |
getty | The getty program (optional) |
halt | Command to stop the system (optional) |
ifconfig | Configure a network interface (optional) |
init | Initial process (optional) |
mkfs | Command to build a filesystem (optional) |
mkfs.* | Command to build a specific filesystem (optional) |
mkswap | Command to set up a swap area (optional) |
reboot | Command to reboot the system (optional) |
route | IP routing table utility (optional) |
swapon | Enable paging and swapping (optional) |
swapoff | Disable paging and swapping (optional) |
update | Daemon to periodically flush filesystem buffers (optional) |
[18]
Originally, /sbin binaries were kept in
/etc.
[19] Deciding what things go into
"sbin" directories is simple: if a normal (not a
system administrator) user will ever run it directly, then it must be
placed in one of the "bin" directories. Ordinary
users should not have to place any of the sbin
directories in their path.
For example, files such as chfn which users
only occasionally use must still be placed in
/usr/bin. ping, although it
is absolutely necessary for root (network recovery and diagnosis) is
often used by users and must live in /bin for
that reason.
We recommend that users have read and execute permission for
everything in /sbin except, perhaps, certain
setuid and setgid programs. The division between
/bin and /sbin was not
created for security reasons or to prevent users from seeing the
operating system, but to provide a good partition between binaries
that everyone uses and ones that are primarily used for administration
tasks. There is no inherent security advantage in making
/sbin off-limits for users.