[6.3] Assigning "shutdown" to eg. Syst?
Ian Smith
smithi at nimnet.asn.au
Tue Dec 23 10:03:06 UTC 2008
On Tue, 23 Dec 2008, perryh at pluto.rain.com wrote:
> > The only other thing being in group operator lets you run,
> > apart from what you've added into /etc/devfs.{conf,rules} is
> > /sbin/mksnap_ffs ..
>
> In a default devfs config, it grants read permission to
> the disk devices (presumably to enable running dump(8)).
True, so if Gilles' dad really wants to run dump, he most likely can.
The .snap directory in the root of a (mounted) file system to be dumped
has owner root, group operator, mode 0770 - paraphrasing from dump(8) -
and then he'd need mount and write permissions on the dump destination.
Doesn't sound too risky if Gilles trusts him enough to run shutdown :)
cheers, Ian
More information about the freebsd-questions
mailing list