From owner-freebsd-questions@FreeBSD.ORG  Tue Dec 23 10:03:05 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id ECBCF1065674
	for <freebsd-questions@freebsd.org>;
	Tue, 23 Dec 2008 10:03:05 +0000 (UTC)
	(envelope-from smithi@nimnet.asn.au)
Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [220.233.188.227])
	by mx1.freebsd.org (Postfix) with ESMTP id 6F1CE8FC0C
	for <freebsd-questions@freebsd.org>;
	Tue, 23 Dec 2008 10:03:05 +0000 (UTC)
	(envelope-from smithi@nimnet.asn.au)
Received: from localhost (localhost [127.0.0.1])
	by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id mBNA2h1b058046;
	Tue, 23 Dec 2008 21:02:43 +1100 (EST)
	(envelope-from smithi@nimnet.asn.au)
Date: Tue, 23 Dec 2008 21:02:43 +1100 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: perryh@pluto.rain.com
In-Reply-To: <4950a974.ZI/PaBzEBmLh8NkL%perryh@pluto.rain.com>
Message-ID: <20081223203507.Y29108@sola.nimnet.asn.au>
References: <20081222195940.A4A4B1065697@hub.freebsd.org>
	<20081223155700.O29108@sola.nimnet.asn.au>
	<18768.30870.452544.128722@jerusalem.litteratus.org>
	<20081223163910.I29108@sola.nimnet.asn.au>
	<4950a974.ZI/PaBzEBmLh8NkL%perryh@pluto.rain.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: gilles.ganault@free.fr, roberthuff@rcn.com, freebsd@edvax.de,
	freebsd-questions@freebsd.org
Subject: Re: [6.3] Assigning "shutdown" to eg. Syst?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Dec 2008 10:03:06 -0000

On Tue, 23 Dec 2008, perryh@pluto.rain.com wrote:
 > > The only other thing being in group operator lets you run,
 > > apart from what you've added into /etc/devfs.{conf,rules} is
 > > /sbin/mksnap_ffs ..
 > 
 > In a default devfs config, it grants read permission to
 > the disk devices (presumably to enable running dump(8)).

True, so if Gilles' dad really wants to run dump, he most likely can.

The .snap directory in the root of a (mounted) file system to be dumped 
has owner root, group operator, mode 0770 - paraphrasing from dump(8) -
and then he'd need mount and write permissions on the dump destination.

Doesn't sound too risky if Gilles trusts him enough to run shutdown :)

cheers, Ian