[6.3] Assigning "shutdown" to eg. Syst?

Ian Smith smithi at nimnet.asn.au
Tue Dec 23 10:03:06 UTC 2008


On Tue, 23 Dec 2008, perryh at pluto.rain.com wrote:
 > > The only other thing being in group operator lets you run,
 > > apart from what you've added into /etc/devfs.{conf,rules} is
 > > /sbin/mksnap_ffs ..
 > 
 > In a default devfs config, it grants read permission to
 > the disk devices (presumably to enable running dump(8)).

True, so if Gilles' dad really wants to run dump, he most likely can.

The .snap directory in the root of a (mounted) file system to be dumped 
has owner root, group operator, mode 0770 - paraphrasing from dump(8) -
and then he'd need mount and write permissions on the dump destination.

Doesn't sound too risky if Gilles trusts him enough to run shutdown :)

cheers, Ian


More information about the freebsd-questions mailing list