On 2014-12-08 09:16, Shriramana Sharma wrote:
> On Mon, Dec 8, 2014 at 6:31 PM, Austin S Hemmelgarn
> <ahferroin7@gmail.com> wrote:
>> Personally, I prefer a somewhat hybrid approach where everyone has *sbin in
>> their path, but file permissions are used to control what non-administrators
>> can run.
>
> This is exactly the same approach as Ubuntu, since non-superuser can't
> really do anything active (whether creating or deleting) with */sbin
> commands, but only querying (like ifconfig, btrfs subvol list etc). So
> this is not really hybrid of anything it seems.
>
IIRC, Ubuntu relies on the fact that normal users don't have the 
capabilities required for the privileged operations, as opposed to just 
not letting them run the binaries at all.