From: perryh@pluto.rain.com
To: chris@childeric.freeserve.co.uk
Cc: questions@freebsd.org
Date: Sun, 31 Dec 2006 14:02:00 -0800
Subject: Re: what is operator group for?

> can anyone tell me what the operator group is for, or docs where I can
> read about it? I see that /sbin/shutdown and /sbin/mk_snap_ffs are both
> executable by members and various things in /dev/ are mountable by them.

My understanding is that group "operator" is intended for those
who deal with devices, e.g. running backups and monitoring printers.

> I want a regular user to be able to mount removable media and shut down
> the computer. If I make them a member of operator group what else am I
> allowing them to do?

With the usual permission settings, you are also allowing them to
read disks directly (e.g. with dump(8)), and thus to read any file
on the system -- including the system's and other users' private
key files.

One alternative is sudo.
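
An added example, not part of the original message: one way to answer "what else am I allowing them to do?" on a given machine is to list every node whose group grants more than "other" gets, flagging group-readable device nodes, which are what make the raw disk reads described above possible. The function names are hypothetical; /dev and /sbin are the locations named in the question.

```python
import grp
import os
import stat
import sys


def classify(mode):
    """List what group membership grants beyond 'other' for this st_mode."""
    is_dev = stat.S_ISCHR(mode) or stat.S_ISBLK(mode)
    found = []
    if mode & stat.S_IRGRP and not mode & stat.S_IROTH:
        # Reading a disk device bypasses every file permission on it.
        found.append("raw device read" if is_dev else "read")
    if mode & stat.S_IWGRP and not mode & stat.S_IWOTH:
        found.append("raw device write" if is_dev else "write")
    if not is_dev and mode & stat.S_IXGRP and not mode & stat.S_IXOTH:
        found.append("execute (setuid)" if mode & stat.S_ISUID else "execute")
    return found


def audit(roots, gid):
    """Walk roots without following symlinks; return [(path, findings)]."""
    results = []
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            for name in dirnames + filenames:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue  # node vanished or is unreadable
                if st.st_gid != gid or stat.S_ISLNK(st.st_mode):
                    continue
                findings = classify(st.st_mode)
                if findings:
                    results.append((path, findings))
    return sorted(results)


if __name__ == "__main__":
    group = sys.argv[1] if len(sys.argv) > 1 else "operator"
    try:
        gid = grp.getgrnam(group).gr_gid
    except KeyError:
        sys.exit(f"no such group: {group}")
    # /dev and /sbin are the locations named in the question.
    for path, findings in audit(sys.argv[2:] or ["/dev", "/sbin"], gid):
        print(f"{path}: {', '.join(findings)}")
```

Any "raw device read" line on a disk device means group members can read that disk's contents regardless of file permissions; those are the entries to weigh against a narrower sudo rule.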