So, https://certbot.eff.org/docs/install.html states that you should install certbot-auto in /usr/local/bin.
I think this is the wrong location.
As stated in the Linux FHS standard http://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s09.html
the /usr/local.bin directory is for local binaries. So scripts and programs local to the system for its users.
The /usr/local/sbin directory is for local system binaries. Since certbot and certbot-auto is not a regular user tool but for root/admin users it seems only logical to place them in /usr/local/sbin.
It also aids a little in the error messages about insecure permissions 9at least when you document the correct right settings).
My 2 cents.
Thanks for the feedback. You’re right that
/usr/local/sbin more closely follows the Linux FHS, however, I don’t think we’re going to make this change because on some systems
/usr/local/sbin isn’t in a user’s
PATH by default (and you don’t need to invoke
certbot-auto as root because it will help you reinvoke itself with
sudo as needed). I personally don’t think opening this up as a potential problem for new sysadmins is worth changing our instructions.
With that said, the location of the
certbot-auto script itself doesn’t matter as long as its permissions are secure. Feel free to place the file wherever you like!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.