From: Christian Weisgerber
To: freebsd-questions@freebsd.org
Newsgroups: list.freebsd.questions
Subject: Re: minimize use of root account
Date: Fri, 19 Feb 2016 22:17:42 +0000 (UTC)

On 2016-02-19, "Ardie H. Hwang" wrote:

> Adding a normal user to `operator` group allows the user to use `shutdown(1)` command. `reboot(1)` is only for root, but it can be substituted with `shutdown -r now`.

Note that group operator also grants read access to disk devices. (The idea is that such users can run backups with dump(8).) This effectively means read access to any and all files on those disks, regardless of the filesystem permissions.

--
Christian "naddy" Weisgerber naddy@mips.inka.de
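
An audit sketch for the point made in the message above, added here and not part of the original post: it lists every account that effectively holds a group (names listed in the group file plus accounts whose primary GID matches) and the nodes under a directory that the group can read. The function names and the default file paths are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original message.

# group_members GROUP [GROUP_FILE] [PASSWD_FILE]
# Print every account that holds GROUP: names listed in the group file
# plus accounts whose primary GID (passwd field 4) is the group's GID.
group_members() {
    awk -F: -v grp="$1" '
        FNR == NR {                      # first file: group database
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }   # second file: passwd
        END { for (u in seen) print u }
    ' "${2:-/etc/group}" "${3:-/etc/passwd}" | sort
}

# group_readable_nodes DIR GROUP
# Print non-directory, non-symlink entries under DIR that are owned by
# GROUP (name or numeric GID) and have the group-read bit set.
group_readable_nodes() {
    find "$1" ! -type d ! -type l -group "$2" -perm -040 | sort
}

# On a FreeBSD host (assumed invocation):
#   group_members operator
#   group_readable_nodes /dev operator
```

Accounts that appear only through their primary GID are easy to miss when reading the group file alone, which is why both databases are read.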