From owner-freebsd-questions@freebsd.org Fri Feb 19 14:53:04 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2E230AAD410 for ; Fri, 19 Feb 2016 14:53:04 +0000 (UTC) (envelope-from freebsd@qeng-ho.org) Received: from bede.qeng-ho.org (bede.qeng-ho.org [217.155.128.241]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "fileserver.home.qeng-ho.org", Issuer "fileserver.home.qeng-ho.org" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id C9D211A9E for ; Fri, 19 Feb 2016 14:53:03 +0000 (UTC) (envelope-from freebsd@qeng-ho.org) Received: from arthur.home.qeng-ho.org (arthur.home.qeng-ho.org [172.23.1.2]) by bede.home.qeng-ho.org (8.15.2/8.15.2) with ESMTP id u1JEqrdj069639; Fri, 19 Feb 2016 14:52:54 GMT (envelope-from freebsd@qeng-ho.org) Subject: Re: minimize use of root account To: Polytropon , Yudi V References: <20160219120503.fc97ef10.freebsd@edvax.de> Cc: freebsd-questions@freebsd.org From: Arthur Chance Message-ID: <56C72C45.2050606@qeng-ho.org> Date: Fri, 19 Feb 2016 14:52:53 +0000 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0 MIME-Version: 1.0 In-Reply-To: <20160219120503.fc97ef10.freebsd@edvax.de> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Feb 2016 14:53:04 -0000 On 19/02/2016 11:05, Polytropon wrote: > On Fri, 19 Feb 2016 16:29:43 +1100, Yudi V wrote: >> Hi all, >> >> currently I use the below script to load geli devices and import zpool. It >> needs to be run as root. >> how to run this script as normal user, is there a group that the user needs >> to be part of? > > No, not for this task. > > There are different ways to do it. > > 1. You can set the script itself to "run as root" (chmod +s) when > the script is owned by root:root. Regular users may then execute it. I thought suid scripts were disabled years ago because they were a major security loophole? -- Moore's Law of Mad Science: Every eighteen months, the minimum IQ necessary to destroy the world drops by one point.