Date: Tue, 23 Dec 2008 21:02:43 +1100 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: perryh@pluto.rain.com Cc: gilles.ganault@free.fr, roberthuff@rcn.com, freebsd@edvax.de, freebsd-questions@freebsd.org Subject: Re: [6.3] Assigning "shutdown" to eg. Syst? Message-ID: <20081223203507.Y29108@sola.nimnet.asn.au> In-Reply-To: <4950a974.ZI/PaBzEBmLh8NkL%perryh@pluto.rain.com> References: <20081222195940.A4A4B1065697@hub.freebsd.org> <20081223155700.O29108@sola.nimnet.asn.au> <18768.30870.452544.128722@jerusalem.litteratus.org> <20081223163910.I29108@sola.nimnet.asn.au> <4950a974.ZI/PaBzEBmLh8NkL%perryh@pluto.rain.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 23 Dec 2008, perryh@pluto.rain.com wrote:
> > The only other thing being in group operator lets you run,
> > apart from what you've added into /etc/devfs.{conf,rules} is
> > /sbin/mksnap_ffs ..
>
> In a default devfs config, it grants read permission to
> the disk devices (presumably to enable running dump(8)).
True, so if Gilles' dad really wants to run dump, he most likely can.
The .snap directory in the root of a (mounted) file system to be dumped
has owner root, group operator, mode 0770 - paraphrasing from dump(8) -
and then he'd need mount and write permissions on the dump destination.
Doesn't sound too risky if Gilles trusts him enough to run shutdown :)
cheers, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081223203507.Y29108>