3.16. /sbin : System binaries

3.16.1. Purpose

Utilities used for system administration (and other root-only commands) are stored in /sbin, /usr/sbin, and /usr/local/sbin. /sbin contains binaries essential for booting, restoring, recovering, and/or repairing the system in addition to the binaries in /bin. [18] Programs executed after /usr is known to be mounted (when there are no problems) are generally placed into /usr/sbin. Locally-installed system administration programs should be placed into /usr/local/sbin. [19]

3.16.2. Requirements

There must be no subdirectories in /sbin.

The following commands, or symbolic links to commands, are required in /sbin:

shutdownCommand to bring the system down.

3.16.3. Specific Options

The following files, or symbolic links to files, must be in /sbin if the corresponding subsystem is installed:

fastbootReboot the system without checking the disks (optional)
fasthaltStop the system without checking the disks (optional)
fdiskPartition table manipulator (optional)
fsckFile system check and repair utility (optional)
fsck.*File system check and repair utility for a specific filesystem (optional)
gettyThe getty program (optional)
haltCommand to stop the system (optional)
ifconfigConfigure a network interface (optional)
initInitial process (optional)
mkfsCommand to build a filesystem (optional)
mkfs.*Command to build a specific filesystem (optional)
mkswapCommand to set up a swap area (optional)
rebootCommand to reboot the system (optional)
routeIP routing table utility (optional)
swaponEnable paging and swapping (optional)
swapoffDisable paging and swapping (optional)
updateDaemon to periodically flush filesystem buffers (optional)

[18] Originally, /sbin binaries were kept in /etc.

[19] Deciding what things go into "sbin" directories is simple: if a normal (not a system administrator) user will ever run it directly, then it must be placed in one of the "bin" directories. Ordinary users should not have to place any of the sbin directories in their path.

For example, files such as chfn which users only occasionally use must still be placed in /usr/bin. ping, although it is absolutely necessary for root (network recovery and diagnosis) is often used by users and must live in /bin for that reason.

We recommend that users have read and execute permission for everything in /sbin except, perhaps, certain setuid and setgid programs. The division between /bin and /sbin was not created for security reasons or to prevent users from seeing the operating system, but to provide a good partition between binaries that everyone uses and ones that are primarily used for administration tasks. There is no inherent security advantage in making /sbin off-limits for users.