1

I read that using echo $PATH, for NON-root users should resemble: 

/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/home/username/bin:

I read that using echo $PATH, for ROOT users should resemble: 

/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin

When I type into echo $PATH, I get: 

/home/uname/bin:/home/uname/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games

This looks like what should be the output for a root user. Is this something I should be concerned about, such as there being a "malicious executable program" in my directory giving (unauthorized remote) root access when I have not initiated root access?

Improve this question
7
  • Where did you read that? Commented Jun 9, 2019 at 4:23
  • Please clarify: was the last PATH that you show for a regular user or for root? Is /home/uname the home directory for that user or for some other user? Commented Jun 9, 2019 at 4:31
  • The default $PATH both for the root user and normal users differ widely depending on your distro, custom setup, and other factors. In doubt, look into the extra directories and see what files they contain, find the packages of your distro that contain the files, and then you'll know why it's in the path. The likelyhood that you should be concerned about a "hacker attack" is very low. Commented Jun 9, 2019 at 4:58
  • john1024: for a regular user; uname is my username like for "username@servername" in my $ terminal; I am the only user that I have programmed in; if there is another user, then there is likely a problem. thanks. Commented Jun 9, 2019 at 5:15
  • dirkt: Thanks - I'll take the "hacker attack - very low". I don't know enough about the other things you mentioned to follow the path. Thanks. Commented Jun 9, 2019 at 5:17

1 Answer 1

Reset to default
1

While it is unlikely to be 'malicious' attack,that PATH is something you should be concerned about. Let's consider the directories in that PATH:

/home/uname/bin
/home/uname/.local/bin
/usr/local/sbin
/usr/local/bin
/usr/sbin
/usr/bin
/sbin
/bin
/usr/games
/usr/local/games

I have two comments:

  1. Because /home/uname/bin and home/uname/.local/bin are the first directories listed in the PATH, it is possible for executables there to override standard system executables. It might be that someone believes that such executables are superior to the standard one. Any incompatibility between those executables and the standard ones, however, could easily cause script failures at surprising moments.

    To be sure, putting these directories at the beginning of the PATH is not unusual and can be useful. You should just be aware of the potential downsides.

  2. As you are aware, directories like /usr/local/sbin, /usr/sbin, and /sbin are generally useful only to root. While it is not in any way a security violation to have them in your PATH, it is odd.

Improve this answer
5
  • 1
    Thanks. Someone built this customized computer for me and they may very well have felt that certain executables are superior to the standard ones. Commented Jun 9, 2019 at 5:45
  • 1
    ~/.local/bin is where pip puts binaries, IIRC, and it's often the case that distro's python-based utilities are outdated. Commented Jun 9, 2019 at 5:48
  • @muru Good point. I just checked on my system and the files in ~/.local/bin are all pip-installed upgrades of python executables. Commented Jun 9, 2019 at 6:01
  • Thanks to everyone who answered/ commented. No one seems to think it is a legitimate concern, though I am not advanced enough to understand the last 2 comments by muru/john1024. Commented Jun 10, 2019 at 5:17
  • @sgu55 Good! If this solves your issue, please consider "accepting" the answer. This is the best way to show gratitude on this site. Accepting an answer not only marks the question as resolved, but also signals to future readers that the accepted answer actually solved the issue. More information about this is available here: unix.stackexchange.com/help/someone-answers Commented Jun 21, 2019 at 10:03

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.