From owner-freebsd-questions@freebsd.org  Fri Feb 19 22:20:08 2016
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 338E5AAD9BD
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Fri, 19 Feb 2016 22:20:08 +0000 (UTC)
 (envelope-from news@mips.inka.de)
Received: from mail.inka.de (quechua.inka.de
 [IPv6:2001:7c0:407:1001:217:a4ff:fe3b:e77c])
 (using TLSv1 with cipher AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0087D1CFE
 for <freebsd-questions@freebsd.org>; Fri, 19 Feb 2016 22:20:07 +0000 (UTC)
 (envelope-from news@mips.inka.de)
Received: from mips.inka.de (news@[127.0.0.1])
 by mail.inka.de with uucp (rmailwrap 0.5) 
 id 1aWtPB-00007Q-17; Fri, 19 Feb 2016 23:20:05 +0100
Received: from lorvorc.mips.inka.de (localhost [127.0.0.1])
 by lorvorc.mips.inka.de (8.15.2/8.15.2) with ESMTP id u1JMHgV8047251
 for <freebsd-questions@freebsd.org>; Fri, 19 Feb 2016 23:17:42 +0100 (CET)
 (envelope-from news@lorvorc.mips.inka.de)
Received: (from news@localhost)
 by lorvorc.mips.inka.de (8.15.2/8.15.2/Submit) id u1JMHguN047250
 for freebsd-questions@freebsd.org; Fri, 19 Feb 2016 23:17:42 +0100 (CET)
 (envelope-from news)
To: freebsd-questions@freebsd.org
From: Christian Weisgerber <naddy@mips.inka.de>
Newsgroups: list.freebsd.questions
Subject: Re: minimize use of root account
Date: Fri, 19 Feb 2016 22:17:42 +0000 (UTC)
Message-ID: <slrnncf546.1c8b.naddy@lorvorc.mips.inka.de>
References: <CACo--mv9qU2ZwtTuZRQBpioEr+enT=sd-SJ79BFumZt5aL18jg@mail.gmail.com>
 <1455859963.3464449.525672506.6773F275@webmail.messagingengine.com>
User-Agent: slrn/1.0.2 (FreeBSD)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Feb 2016 22:20:08 -0000

On 2016-02-19, "Ardie H. Hwang" <iam@ardiefox.me> wrote:

> Adding a normal user to `operator` group allows the user to use `shutdown(1) command. `reboot(1)` is only for root, but it can be substituted with `shutdown -r now`.

Note that group operator also grants read access to disk devices.
(The idea is that such users can run backups with dump(8).)
This effectively means read access to any and all files on those
disks, regardless of the filesystem permissions.

-- 
Christian "naddy" Weisgerber                          naddy@mips.inka.de