In case it actually went out: sorry for the first reply without content - I prematurely pressed "send".
On Sun, Jan 09, 2022 at 10:30:54AM +0000, Laurent Bercot wrote: > As you said, it would do no good for normal users to run these > programs, so there's no point in giving them the necessary permissions. When packaging your software, this was one of the only upstream defaults I changed. I encountered several cases where a user might want to use those binaries, and did not want the software authors policy to be in the way there: - generating an initramfs (s6-mount was the culprit if I remember correctly) - more generally generating any kind of rootfs / copying a working binary from a machine where you are not root to one where you are - User namespaces: I tend to play with namespaces with a shared, ro-mounted /, but isolated /home to isolate random software. Inside those namespaces I start as "root" with an unshared mount namespace, so s6-*uidgid and s6-*mount are nice to have access to