From owner-freebsd-questions@FreeBSD.ORG  Mon Jan  1 17:33:29 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: questions@freebsd.org
Delivered-To: freebsd-questions@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id DCC0B16A40F
	for <questions@freebsd.org>; Mon,  1 Jan 2007 17:33:29 +0000 (UTC)
	(envelope-from chris@childeric.freeserve.co.uk)
Received: from smtp-out2.blueyonder.co.uk (smtp-out2.blueyonder.co.uk
	[195.188.213.5])
	by mx1.freebsd.org (Postfix) with ESMTP id A092413C448
	for <questions@freebsd.org>; Mon,  1 Jan 2007 17:33:29 +0000 (UTC)
	(envelope-from chris@childeric.freeserve.co.uk)
Received: from [172.23.170.140] (helo=anti-virus02-07)
	by smtp-out2.blueyonder.co.uk with smtp (Exim 4.52)
	id 1H1R2O-00036N-Kn; Mon, 01 Jan 2007 17:33:28 +0000
Received: from [82.35.115.93] (helo=[192.168.10.60])
	by asmtp-out6.blueyonder.co.uk with esmtpa (Exim 4.52)
	id 1H1R2O-0003We-3D; Mon, 01 Jan 2007 17:33:28 +0000
Message-ID: <459945E6.8010906@childeric.freeserve.co.uk>
Date: Mon, 01 Jan 2007 17:33:26 +0000
From: Chris Whitehouse <chris@childeric.freeserve.co.uk>
User-Agent: Thunderbird 1.5 (X11/20060417)
MIME-Version: 1.0
To: perryh@pluto.rain.com
References: <4597CCA6.3080404@childeric.freeserve.co.uk>
	<45983358.Juh4OWC8uNEjIKjw%perryh@pluto.rain.com>
In-Reply-To: <45983358.Juh4OWC8uNEjIKjw%perryh@pluto.rain.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: questions@freebsd.org
Subject: Re: what is operator group for?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jan 2007 17:33:30 -0000

perryh@pluto.rain.com wrote:
> 
>> I want a regular user to be able to mount removeable media and shutdown 
>> the computer. If I make them a member of operator group what else am I
>> allowing them to do?
> 
> With the usual permission settings, you are also allowing them to read
> disks directly (e.g. with dump(8)), and thus to read any file on the
> system -- including the system's and other users' private key files.

Good point, thanks

> 
> One alternative is sudo.

There are some notes somewhere about setting up a group and setting 
permissions in devfs.conf and devfs.rules which I have been using. I 
thought maybe using operator would be more convenient. Doing my own 
setup is fiddly but I know what they are allowed. And sudo for shutting 
down works fine.

Thanks for the reply.

Chris


> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
> 
>