Utilities used for system administration (and other root-only commands) are stored in /sbin, /usr/sbin, and /usr/local/sbin. /sbin typically contains binaries essential for booting the system in addition to the binaries in /bin. Anything executed after /usr is known to be mounted (when there are no problems) should be placed into /usr/sbin. Local-only system administration binaries should be placed into /usr/local/sbin.
Deciding what things go into "sbin" directories is simple: If a normal (not a system administrator) user will ever run it directly, then it should be placed in one of the "bin" directories. Ordinary users should not have to place any of the sbin directories in their path.
Note: For example, files such as chfn, which users only occasionally use, should still be placed in /usr/bin. ping, although it is absolutely necessary for root (network recovery and diagnosis), is often used by users and should live in /bin for that reason.
We recommend that users have read and execute permission for everything in /sbin except, perhaps, certain setuid and setgid programs. The division between /bin and /sbin was not created for security reasons or to prevent users from seeing the operating system, but to provide a good partition between binaries that everyone uses and ones that are primarily used for administration tasks. There is no inherent security advantage in making /sbin off-limits for users.
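One way to check a system against this recommendation, as an added example that is not part of the original text: the function lists setuid/setgid programs in the sbin directories for review and flags every other regular file that ordinary users cannot both read and execute. The function name, the `SETID` and `NOT-WORLD-RX` tags, and the `--run` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit sbin directories against the permission recommendation.
# Output tags (SETID, NOT-WORLD-RX) and the --run switch are this example's own.

audit_sbin() {
    for dir in "$@"; do
        # Skip directories that do not exist on this system.
        [ -d "$dir" ] || continue

        # setuid or setgid programs: the one category the text allows to
        # deviate, so list them for manual review.
        # -H follows the argument itself when /sbin is a symlink to /usr/sbin.
        find -H "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print |
            sed 's/^/SETID /'

        # Every other regular file should be readable and executable by
        # "other" (mode bits 005). Flag the ones that are not.
        find -H "$dir" -type f ! -perm -005 \
            ! \( -perm -4000 -o -perm -2000 \) -print |
            sed 's/^/NOT-WORLD-RX /'
    done
}

# Audit the three directories named in the text when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    audit_sbin /sbin /usr/sbin /usr/local/sbin
fi
```

A `NOT-WORLD-RX` line is a deviation from the recommendation, not a finding in itself; a `SETID` line identifies a privileged program whose mode and ownership deserve a closer look.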
(Or any combination of the above, so long as shutdown is included.)
* = one or more of ext, ext2, minix, msdos, xia and perhaps others