From Fedora Project Wiki
(don't use strikethrough in the targeted release field - we have fragile scripts and stuff)
 
(25 intermediate revisions by 3 users not shown)
Line 1: Line 1:
<!-- The actual name of your proposed change page should look something like: Changes/Your_Change_Proposal_Name.  This keeps all change proposals in the same namespace -->
<!-- The actual name of your proposed change page should look something like: Changes/Your_Change_Proposal_Name.  This keeps all change proposals in the same namespace -->


= Unify `/bin` and `/sbin` =
= Unify `/usr/bin` and `/usr/sbin` =


{{Change_Proposal_Banner}}


== Summary ==
== Summary ==
The `/usr/sbin` directory becomes a symlink to `bin`, which means paths like `/usr/bin/foo` and `/usr/sbin/foo` will point to the same place. `/bin` and `/sbin` are already symlinks to `/usr/bin` and `/usr/sbin`, so effectively `/bin/foo` and `/sbin/bar` will also point to the same place. `/usr/sbin` will be removed from the default `$PATH`.
The `/usr/sbin` directory becomes a symlink to `bin`, which means paths like `/usr/bin/foo` and `/usr/sbin/foo` point to the same place. `/bin` and `/sbin` are already symlinks to `usr/bin` and `usr/sbin`, so effectively `/bin/foo` and `/sbin/foo` also point to the same place. `/usr/sbin` will be removed from the default `$PATH`. The same change is also done to make `/usr/local/sbin` point to `bin`, effectively making `/usr/local/bin/foo` and `/usr/local/sbin/foo` point to the same place. The definition of `%_sbindir` will be changed to `%_bindir`, so packages will start using the new directory after a rebuild without any further action. Maintainers ''may'' stop using `%_sbindir`, but don't need to.


== Owner ==
== Owner ==
Line 13: Line 12:


== Current status ==
== Current status ==
[[Category:ChangePageIncomplete]]
[[Category:ChangeAcceptedF42]]
<!-- When your change proposal page is completed and ready for review and announcement -->
<!-- When your change proposal page is completed and ready for review and announcement -->
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
Line 20: Line 19:


<!-- Select proper category, default is Self Contained Change -->
<!-- Select proper category, default is Self Contained Change -->
<!-- [[Category:SelfContainedChange]] -->
[[Category:SystemWideChange]]


* Targeted release: [https://docs.fedoraproject.org/en-US/releases/f40 / Fedora Linux 40]
* Targeted release: [https://docs.fedoraproject.org/en-US/releases/f42 Fedora Linux 42]
* Last updated: <!-- this is an automatic macro — you don't need to change this line -->  {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}}  
* Last updated: <!-- this is an automatic macro — you don't need to change this line -->  {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}}  
<!-- After the change proposal is accepted by FESCo, tracking bug is created in Bugzilla and linked to this page  
<!-- After the change proposal is accepted by FESCo, tracking bug is created in Bugzilla and linked to this page  
Line 30: Line 29:
ON_QA -> change is fully code complete
ON_QA -> change is fully code complete
-->
-->
* [<will be assigned by the Wrangler> devel thread]
* [https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org/thread/OUNAAHIVSYMNXHJ2AMTE5FEPNLSB5RMZ/ Announced]
* FESCo issue: <will be assigned by the Wrangler>
* [https://discussion.fedoraproject.org/t/f40-change-proposal-unify-usr-bin-and-usr-sbin-system-wide/99853 Discussion thread]
* Tracker bug: <will be assigned by the Wrangler>
* FESCo issue: [https://pagure.io/fesco/issue/3135 #3135]
* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=2267022 #2267022]
* Release notes tracker: <will be assigned by the Wrangler>
* Release notes tracker: <will be assigned by the Wrangler>


Line 38: Line 38:
The split between `/bin` and `/sbin` is not useful, and also unused. The original split was to have "important" binaries statically linked in `/sbin` which could then be used for emergency and rescue operations. Obviously, we don't do static linking anymore. Later, the split was repurposed to isolate "important" binaries that would only be used by the administrator. While this seems attractive in theory, in practice it's very hard to categorize programs like this, and normal users routinely invoke programs from `/sbin`. Most programs that require root privileges for ''certain'' operations are also used when operating without privileges. And even when privileges are required, often those are acquired dynamically, e.g. using `polkit`. Since many years, the default `$PATH` set for users includes both directories. With the advent of systemd this has become more systematic: systemd sets `$PATH` with both directories for all users and services. So in general, all users and programs would find both sets of binaries.
The split between `/bin` and `/sbin` is not useful, and also unused. The original split was to have "important" binaries statically linked in `/sbin` which could then be used for emergency and rescue operations. Obviously, we don't do static linking anymore. Later, the split was repurposed to isolate "important" binaries that would only be used by the administrator. While this seems attractive in theory, in practice it's very hard to categorize programs like this, and normal users routinely invoke programs from `/sbin`. Most programs that require root privileges for ''certain'' operations are also used when operating without privileges. And even when privileges are required, often those are acquired dynamically, e.g. using `polkit`. Since many years, the default `$PATH` set for users includes both directories. With the advent of systemd this has become more systematic: systemd sets `$PATH` with both directories for all users and services. So in general, all users and programs would find both sets of binaries.


One additional use of the `/bin`—`/sbin` split is `consolehelper`. In this approach, the user-facing program (`/bin/foo`) is a symlink to `/bin/consolehelper`, which is a suid binary that elevates privileges and calls the "real" `foo` (`/sbin/foo` or `/usr/libexec/foo`). Most uses of consolehelper have been moved to polkit (https://fedoraproject.org/wiki/Features/UsermodeMigration), but some users remain (https://bugzilla.redhat.com/show_bug.cgi?id=502765). Use of `/sbin` for the privileged program is incompatible with the proposed merge; those packages will need to be adjusted (see Scope below).
One additional use of the `/bin`—`/sbin` split is `consolehelper`. In this approach, the user-facing program (`/bin/foo`) is a symlink to `/bin/consolehelper`, which is a suid binary that elevates privileges and calls the "real" `foo` (`/sbin/foo` or `/usr/libexec/foo`). Most uses of consolehelper have been moved to polkit (https://fedoraproject.org/wiki/Features/UsermodeMigration), but some users remain (https://bugzilla.redhat.com/show_bug.cgi?id=502765). Use of `/sbin` for the privileged program is incompatible with the proposed merge; those packages will need to be adjusted to move the binary that requires privileges under `/usr/lib` or `/usr/libexec` (see Scope below).


Since generally all user sessions and services have both directories in `$PATH`, this split actually isn't ''used'' for anything. Its main effect is confusion when people need to use the absolute path and guess the directory wrong. Other distributions put some binaries in the other directory, so the absolute path is often not portable. Also, it is very easy for a user to end up with `/sbin` before `/bin` in `$PATH`, and for an administrator to end up with `/bin` before `/sbin` in `$PATH`, causing confusion. If this feature is dropped, the system became a little bit simpler, which is useful especially for new users, who are not aware of the history of the split.
Since generally all user sessions and services have both directories in `$PATH`, this split actually isn't ''used'' for anything. Its main effect is confusion when people need to use the absolute path and guess the directory wrong. Other distributions put some binaries in the other directory, so the absolute path is often not portable. Also, it is very easy for a user to end up with `/sbin` before `/bin` in `$PATH`, and for an administrator to end up with `/bin` before `/sbin` in `$PATH`, causing confusion. If this feature is dropped, the system became a little bit simpler, which is useful especially for new users, who are not aware of the history of the split.
Line 46: Line 46:
== Feedback ==
== Feedback ==
<!-- Summarize the feedback from the community and address why you chose not to accept proposed alternatives. This section is optional for all change proposals but is strongly suggested. Incorporating feedback here as it is raised gives FESCo a clearer view of your proposal and leaves a good record for the future. If you get no feedback, that is useful to note in this section as well. For innovative or possibly controversial ideas, consider collecting feedback before you file the change proposal. -->
<!-- Summarize the feedback from the community and address why you chose not to accept proposed alternatives. This section is optional for all change proposals but is strongly suggested. Incorporating feedback here as it is raised gives FESCo a clearer view of your proposal and leaves a good record for the future. If you get no feedback, that is useful to note in this section as well. For innovative or possibly controversial ideas, consider collecting feedback before you file the change proposal. -->
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/TRQ3I7BDTHG6N7WQEQ7PMK3P6PVWXQMI/
"Programs in /usr/bin have their documentation in section 1 of the manual, while programs /usr/sbin are documented in section 8."
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/NALSOW35LXN6HZPULMQ46WXNGZO4SYK4/
<blockquote>
"The manual sections have historical meaning:
  https://en.wikipedia.org/wiki/Man_page#Manual_sections
  eg.
  1 = general commands
  8 = system administration
So unless the tools themselves are changing their purpose or are in
the wrong section now, the manual sections should stay the same."
</blockquote>


== Benefit to Fedora ==
== Benefit to Fedora ==
Line 56: Line 74:
== Scope ==
== Scope ==
* Proposal owners:
* Proposal owners:
<!--
** Implement `split-bin=auto` in systemd: in this mode, systemd will check at runtime whether `/usr/sbin` is a symlink to `/usr/bin`, and if yes, behave like with `split-bin=no`, and otherwise `split-bin=yes`.
** Implement `split-bin=auto` in systemd: in this mode, systemd will check at runtime whether `/usr/sbin` is a symlink to `/usr/bin`, and if yes, behave like with `split-bin=no`, and otherwise `split-bin=yes`.
** Adjust systemd package to build with `-Dsplit-bin=auto`.
** Adjust systemd package to build with `-Dsplit-bin=auto`.
** Adjust `%_sbindir` in `/usr/lib/rpm/macros` (part of `rpm` package). Packages will be updated automatically during the mass rebuild.
-->
** Add a `%filetrigger` to setup package to create symlinks to `../bin/foo` for every `foo` that is uninstalled from `/usr/sbin`.
** Adjust `%_sbindir` in `/usr/lib/rpm/macros` (part of `rpm` package) to evaluate to `%_bindir`. Packages will be updated automatically during the mass rebuild.
** Add a `%posttrans` trigger to setup package to check that `/usr/sbin` only contains symlinks and do `ln -fs bin /usr/sbin`.
** Add a `%filetrigger` to `filesystem` package to create symlinks to `../bin/foo` for every `foo` that is uninstalled from `/usr/sbin`.
* Other developers: programs which user consolehelper and install the same name under both directories will need to be adjusted to use a different directory. Some of those packages may be retired instead. See list below.
** Add a `%posttrans` trigger to `filesystem` package to check that `/usr/sbin` only contains symlinks and do `ln -fs bin /usr/sbin`. (Those scriptlets make it easier to have a smooth transition. At all times, the old paths will still work. After the transition is complete we can drop the scriptlets and provide the `/usr/sbin` symlink in the `filesystem` package.)
** Adjust systemd package to build with `-Dsplit-bin=no`.
** File a pull request for Packaging Guidelines to stop mentioning `%{_sbindir}`. The macro will remain defined to avoid breakage of packages which use it.
 
* Other developers:
** Packages which install to hardcoded `$DESTDIR/usr/sbin`, but then use `%{_sbindir}` in `%files`, will need to be adjusted.
** Packages which use consolehelper and install the same name under both directories will need to be adjusted to use a different directory. Some of those packages may be retired instead. See list below.


* Packages using usermode with binaries in both directories:
* Packages using usermode with binaries in both directories:
Line 74: Line 99:
** `xawtv`
** `xawtv`


* Release engineering: [https://pagure.io/releng/issues #Releng issue number] <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
* Packages which package a symlink in `/usr/sbin` that will need to be dropped:
** opensmtpd
** rpcbind
** policycoreutils
** systemd-udev
 
* Release engineering: [https://pagure.io/releng/issue/11863 #11863] <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
<!-- Does this feature require coordination with release engineering (e.g. changes to installer image generation or update package delivery)?  Is a mass rebuild required?  include a link to the releng issue.  
<!-- Does this feature require coordination with release engineering (e.g. changes to installer image generation or update package delivery)?  Is a mass rebuild required?  include a link to the releng issue.  
The issue is required to be filed prior to feature submission, to ensure that someone is on board to do any process development work and testing and that all changes make it into the pipeline; a bullet point in a change is not sufficient communication -->
The issue is required to be filed prior to feature submission, to ensure that someone is on board to do any process development work and testing and that all changes make it into the pipeline; a bullet point in a change is not sufficient communication -->
Line 125: Line 156:


== Contingency Plan ==
== Contingency Plan ==
* Undo the changes to macro definitions in `rpm` and rebuild some or all packages.
* If the move of a binary of any specific package causes problems, we can create a compat symlink like `/usr/sbin/foo → ../bin/foo` using a `%postin` scriptlet in that package.
 
* If the change is causing problems in general and needs to be reverted, we'd need to undo the changes to macro definitions in `rpm` and rebuild some or all packages.
<!-- If you cannot complete your feature by the final development freeze, what is the backup plan?  This might be as simple as "Revert the shipped configuration".  Or it might not (e.g. rebuilding a number of dependent packages).  If you feature is not completed in time we want to assure others that other parts of Fedora will not be in jeopardy.  -->
* Contingency deadline: in principle can be done at any time, but would require a rebuild of some or all affected packages.
* Contingency mechanism: (What to do?  Who will do it?) N/A (not a System Wide Change)  <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
* Blocks release? no. It is OK if the change is done partially.
<!-- When is the last time the contingency mechanism can be put in place?  This will typically be the beta freeze. -->
* Contingency deadline: N/A (not a System Wide Change)  <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
<!-- Does finishing this feature block the release, or can we ship with the feature in incomplete state? -->
* Blocks release? N/A (not a System Wide Change), Yes/No <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
 


== Documentation ==
== Documentation ==
Line 139: Line 165:


<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
N/A (not a System Wide Change)
TBD.


== Release Notes ==
== Release Notes ==

Latest revision as of 18:42, 2 August 2024


Unify /usr/bin and /usr/sbin

Summary

The /usr/sbin directory becomes a symlink to bin, which means paths like /usr/bin/foo and /usr/sbin/foo point to the same place. /bin and /sbin are already symlinks to usr/bin and usr/sbin, so effectively /bin/foo and /sbin/foo also point to the same place. /usr/sbin will be removed from the default $PATH. The same change is also done to make /usr/local/sbin point to bin, effectively making /usr/local/bin/foo and /usr/local/sbin/foo point to the same place. The definition of %_sbindir will be changed to %_bindir, so packages will start using the new directory after a rebuild without any further action. Maintainers may stop using %_sbindir, but don't need to.

Owner

Current status

Detailed Description

The split between /bin and /sbin is not useful, and also unused. The original split was to have "important" binaries statically linked in /sbin which could then be used for emergency and rescue operations. Obviously, we don't do static linking anymore. Later, the split was repurposed to isolate "important" binaries that would only be used by the administrator. While this seems attractive in theory, in practice it's very hard to categorize programs like this, and normal users routinely invoke programs from /sbin. Most programs that require root privileges for certain operations are also used when operating without privileges. And even when privileges are required, often those are acquired dynamically, e.g. using polkit. Since many years, the default $PATH set for users includes both directories. With the advent of systemd this has become more systematic: systemd sets $PATH with both directories for all users and services. So in general, all users and programs would find both sets of binaries.

One additional use of the /bin/sbin split is consolehelper. In this approach, the user-facing program (/bin/foo) is a symlink to /bin/consolehelper, which is a suid binary that elevates privileges and calls the "real" foo (/sbin/foo or /usr/libexec/foo). Most uses of consolehelper have been moved to polkit (https://fedoraproject.org/wiki/Features/UsermodeMigration), but some users remain (https://bugzilla.redhat.com/show_bug.cgi?id=502765). Use of /sbin for the privileged program is incompatible with the proposed merge; those packages will need to be adjusted to move the binary that requires privileges under /usr/lib or /usr/libexec (see Scope below).

Since generally all user sessions and services have both directories in $PATH, this split actually isn't used for anything. Its main effect is confusion when people need to use the absolute path and guess the directory wrong. Other distributions put some binaries in the other directory, so the absolute path is often not portable. Also, it is very easy for a user to end up with /sbin before /bin in $PATH, and for an administrator to end up with /bin before /sbin in $PATH, causing confusion. If this feature is dropped, the system became a little bit simpler, which is useful especially for new users, who are not aware of the history of the split.

Many years ago we merged /bin and /usr/bin (https://fedoraproject.org/wiki/Features/UsrMove). In some ways that split was similar: it had historical justification that went away more than a decade prior, it was impossible to cleanly categorize programs into the the categories so effectively both parts were needed for boot, and even though it was making the system more complicated for little gain, the split was being carried forward because it was easier to do so than to remove it (http://www.freedesktop.org/wiki/Software/systemd/TheCaseForTheUsrMerge). This split is much less visible, but it's also making the system more complicated for no gain, and removing it is the natural follow-up.

Feedback

https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/TRQ3I7BDTHG6N7WQEQ7PMK3P6PVWXQMI/

"Programs in /usr/bin have their documentation in section 1 of the manual, while programs /usr/sbin are documented in section 8."

https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/NALSOW35LXN6HZPULMQ46WXNGZO4SYK4/

"The manual sections have historical meaning:

https://en.wikipedia.org/wiki/Man_page#Manual_sections eg. 1 = general commands 8 = system administration

So unless the tools themselves are changing their purpose or are in the wrong section now, the manual sections should stay the same."

Benefit to Fedora

  • Packagers don't have to think whether to install programs in %_bindir or %_sbindir.
  • Users don't have to think whether programs are in %_bindir or %_sbindir.
  • Fedora becomes more compatible with other distributions (for example, we have /sbin/ip while Debian has /bin/ip, and we have /bin/chmem and /bin/isosize, but Debian has /sbin/chmem and /sbin/isosize, and we also have /sbin/{addpart,delpart,lnstat,nstat,partx,ping,rdma,resizepart,ss,udevadm,update-alternatives}, while Debian has those in under /bin, etc.)
  • Fedora becomes more compatible with Arch, which did the merge a few years ago.
  • execvp and related functions iterate over fewer directories. This probably doesn't matter for speed, but is a nice simplification when looking at logs or strace output.

Scope

  • Proposal owners:
    • Adjust %_sbindir in /usr/lib/rpm/macros (part of rpm package) to evaluate to %_bindir. Packages will be updated automatically during the mass rebuild.
    • Add a %filetrigger to filesystem package to create symlinks to ../bin/foo for every foo that is uninstalled from /usr/sbin.
    • Add a %posttrans trigger to filesystem package to check that /usr/sbin only contains symlinks and do ln -fs bin /usr/sbin. (Those scriptlets make it easier to have a smooth transition. At all times, the old paths will still work. After the transition is complete we can drop the scriptlets and provide the /usr/sbin symlink in the filesystem package.)
    • Adjust systemd package to build with -Dsplit-bin=no.
    • File a pull request for Packaging Guidelines to stop mentioning %{_sbindir}. The macro will remain defined to avoid breakage of packages which use it.
  • Other developers:
    • Packages which install to hardcoded $DESTDIR/usr/sbin, but then use %{_sbindir} in %files, will need to be adjusted.
    • Packages which use consolehelper and install the same name under both directories will need to be adjusted to use a different directory. Some of those packages may be retired instead. See list below.
  • Packages using usermode with binaries in both directories:
    • anaconda-live
    • beesu
    • chkrootkit
    • hddtemp
    • mate-system-log
    • setuptool
    • subscription-manager
    • system-switch-java
    • xawtv
  • Packages which package a symlink in /usr/sbin that will need to be dropped:
    • opensmtpd
    • rpcbind
    • policycoreutils
    • systemd-udev
  • Trademark approval: N/A (not needed for this Change)
  • Alignment with Community Initiatives: nope

Upgrade/compatibility impact

The change should be mostly invisible for users. While the transition is ongoing, both sets of paths should work and users should have both directories in $PATH. Once the transition is finished, both sets of paths should work, but users will only have /usr/bin in $PATH.

How To Test

User Experience

Dependencies

Contingency Plan

  • If the move of a binary of any specific package causes problems, we can create a compat symlink like /usr/sbin/foo → ../bin/foo using a %postin scriptlet in that package.
  • If the change is causing problems in general and needs to be reverted, we'd need to undo the changes to macro definitions in rpm and rebuild some or all packages.
  • Contingency deadline: in principle can be done at any time, but would require a rebuild of some or all affected packages.
  • Blocks release? no. It is OK if the change is done partially.

Documentation

TBD.

Release Notes