Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 19 Dec 2017 03:54:17 +0100
From:      <rank1seeker@gmail.com>
To:        Ben Woods <woodsb02@gmail.com>
Cc:        hackers@freebsd.org
Subject:   Re: Operator group and reboot cmd
Message-ID:  <20171219035417.000012a6@gmail.com>
In-Reply-To: <CAOc73CD_fxATSUmqBKAxafL8eA5tVeg-L_NfyhTKMzXmJYNidg@mail.gmail.com>
References:  <20171218145303.00007fb2@gmail.com> <CAOc73CD_fxATSUmqBKAxafL8eA5tVeg-L_NfyhTKMzXmJYNidg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, 18 Dec 2017 20:19:58 +0000
Ben Woods <woodsb02@gmail.com> wrote:

> On Tue, 19 Dec 2017 at 2:53 am, <rank1seeker@gmail.com> wrote:
>=20
> > 11.1 REL-p6
> >
> > As a non-root user and member of operator group, I was able to
> > issue a poweroff and shutdown commands (group set to operator), but
> > not a reboot (group set to wheel) command (Operation not permitted).
> >
> > I was able to reboot by:
> > $ shutdown -r now
> >
> > But to use reboot, cmd I had to:
> > # chgrp 5 /sbin/reboot
> > # chmod 4554 /sbin/reboot
> >     Shouldn't this be set by default install?
> > # exit
> >
> > $ reboot =20
>=20
>=20
> I suspect this is deliberate because the reboot command does not give
> processes a proper chance to exit cleanly. Therefore, it makes sense
> if only those in the wheel group can use this big hammer, whilst
> operators must follow the proper shutdown model.
>=20
> From the reboot man page:
> https://man.freebsd.org/reboot
>=20
> =E2=80=9CNormally, the shutdown(8) utility is used when the system needs =
to
> be halted or restarted, giving users advance warning of their
> impending doom and cleanly terminating specific programs.=E2=80=9D
>=20
>=20
> Regards,
>=20
> Ben


Thanks Ben,

I'll have to investigate it, but in a meantime I've figured that it
auto affected:

-r-sr-xr--  4 root  operator       /sbin/fastboot
-r-sr-xr--  4 root  operator       /sbin/fasthalt
-r-sr-xr--  4 root  operator       /sbin/halt

which means those are hardlinks and man proves it ...

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20171219035417.000012a6>