From owner-freebsd-questions@freebsd.org Mon Feb 22 02:11:11 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 66946AB0CA0 for ; Mon, 22 Feb 2016 02:11:11 +0000 (UTC) (envelope-from yudi.tux@gmail.com) Received: from mail-ig0-x22d.google.com (mail-ig0-x22d.google.com [IPv6:2607:f8b0:4001:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 30AFA154A for ; Mon, 22 Feb 2016 02:11:11 +0000 (UTC) (envelope-from yudi.tux@gmail.com) Received: by mail-ig0-x22d.google.com with SMTP id 5so72423936igt.0 for ; Sun, 21 Feb 2016 18:11:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=pQApDqfCHOnuYpmoAnEV6z/BHR9O1frspajCsmv2iBg=; b=W+l6D4brc1CSfQGzKGcLBdH4vIXfqHltPMn1dfoL3ix7UfL2Bb1yT1b11KN0yTHUdw BuWaUj8DtMpGk4Fozd1GUF3dPccr/u5tQzpIRL10jeYhKWBt+QnH4Q3938pZXvD/18/N vQ5L5jAGrWV7/vnGT/+1veKd/bcwaRmmT9ReiXTxMp++MsjoSygLBGiFJ2ig56oX3134 l+9iAXFOpzDSWydcGCTK19HFoiy0/vVUAUcn694aGn98eyvsREoGTxVWvTtq2Nwga3kN HUDJ9d13zMyx7352P6ndvvzxmiG3m/kQzpTO7ZuJ3j2ldvQtzVPYF1F5XUR+gzJTx0OX 0NeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=pQApDqfCHOnuYpmoAnEV6z/BHR9O1frspajCsmv2iBg=; b=DjFnkIOpn7RZhpK6kPJslbspkn4DDrKoH3zIDBYGmyENa8LzfqBDWO60km3Y4aLui2 ZrbVwhf6y+7iNiHo94pl4UPz3SxULBBdjQjGadErugp0+qIIMi8fG94oI0FgLjDI4eJH J09BiYZKROkJGNYKrCmr7PsJPSw/VOktMWkE3aoVe/ExsVX9fmsAAcAwnXTul9MLEOwA i1GvBl+uTNlMZpDV7hTTG02UwqCEpptp4fh/+AFg7VoJCJuCmN5VbvbZtkWT+6eqZvy3 3POsQ93K7H/vZIhgU5KHb08JDrCbN+HuXn+ctKbMlNU4u/gwWXRTz7uUjbQojWI9P8i/ 4U2A== X-Gm-Message-State: AG10YOQ3fOBSHzHa4cq77fg5p5cVVJ4TM0TAM3DIgsGZkD4Ll+AxqU7oaT2e9jSlXY3P66KIuDzLn47s9x+VEA== MIME-Version: 1.0 X-Received: by 10.50.78.101 with SMTP id a5mr8730204igx.18.1456107070738; Sun, 21 Feb 2016 18:11:10 -0800 (PST) Received: by 10.107.153.129 with HTTP; Sun, 21 Feb 2016 18:11:10 -0800 (PST) In-Reply-To: References: <1455859963.3464449.525672506.6773F275@webmail.messagingengine.com> Date: Mon, 22 Feb 2016 13:11:10 +1100 Message-ID: Subject: Re: minimize use of root account From: Yudi V To: Christian Weisgerber Cc: freebsd-questions@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Feb 2016 02:11:11 -0000 > Note that group operator also grants read access to disk devices. > (The idea is that such users can run backups with dump(8).) > This effectively means read access to any and all files on those > disks, regardless of the filesystem permissions. > that's good to know, I am the only one using this server, so it is fine. But just out of curiosity, how to give a user shutdown rights without giving them read access to all the drives? -- Kind regards, Yudi