Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 19 Dec 2005 13:46:37 -0800
From:      Brooks Davis <brooks@one-eyed-alien.net>
To:        "gs_stoller@juno.com" <gs_stoller@juno.com>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: (no subject)
Message-ID:  <20051219214637.GA12421@odin.ac.hmc.edu>
In-Reply-To: <20051219.125855.15860.149388@webmail38.nyc.untd.com>
References:  <20051219.125855.15860.149388@webmail38.nyc.untd.com>

next in thread | previous in thread | raw e-mail | index | archive | help

--dDRMvlgZJXvWKvBx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Dec 19, 2005 at 08:58:41PM +0000, gs_stoller@juno.com wrote:
> 	I discovered the user "operator" in  UNIX , found it in the
> book "Essential System Administration" by AEleen Frisch, and it has
> features that I would like to use.  The book says (on page 131) that
> this user exists on some  BSD  systems and it is used for back-ups
> and such.  It is like  superuser  ( root )  in that it can access any
> file regardless of the permission bits, but it operates readonly,
> it cannot modify unless the permission bits allow it to do so.
> 	I checked  /etc/passwd  and found that  operator  is a user
> (in  FreeBSD 4.3 ).  When I tried it out, I found some directories
> that  operator  couldn't enter and checked a few of those directories
> and found that they gave absolutely no access to 'other' users,
> explaining why  operator  couldn't enter those directories.  I feel
> that this is an error since it doesn't allow  operator  to do its
> stated task.  Similarly,  operator  cannot access plain files
> unless the permission bits allow it to do so.
> 	Please implement this user as the book lists it, this will
> give the  FreeBSD  community a useful capability.  We could check
>  LINUX  and see if they have have it properly implemented; if so
> we could copy it making the necessary changes, an easier task.

The book or your understanding of it is incorrect.  The operator user
traditionally has unrestricted read access to the raw disks because it
is in group operator.  As such it can read any local data, but not via
the file system.  Since backups are traditionally performed via the dump
command which directly accesses the disk, this allows backups to run as
operator.

>          uname -a  for my system gives:
> FreeBSD  4.3-RELEASE FreeBSD 4.3-RELEASE #0: Sat Apr 21 10:54:49 GMT 2001=
     jkh@narf.osd.bsdi.com:/usr/src/sys/compile/GENERIC  i386

This is a truly obsolete version of FreeBSD.  If you must run the 4.x
series, run 4.11.  Better yet, run 6.0.

-- Brooks

--=20
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4

--dDRMvlgZJXvWKvBx
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDpyo9XY6L6fI4GtQRAlz9AJ4vX/1izVW+XX4kUvNmo20zErMxxgCgsQrW
/TJDUejKVZDBU8yUw8dNzyI=
=8UNj
-----END PGP SIGNATURE-----

--dDRMvlgZJXvWKvBx--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051219214637.GA12421>