From owner-freebsd-questions@FreeBSD.ORG  Fri Aug 24 05:54:03 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id D562A106564A
	for <freebsd-questions@freebsd.org>;
	Fri, 24 Aug 2012 05:54:03 +0000 (UTC)
	(envelope-from steve@sohara.org)
Received: from uk1rly2283.eechost.net (relay01a.mail.uk1.eechost.net
	[217.69.40.75]) by mx1.freebsd.org (Postfix) with ESMTP id 8FBE28FC12
	for <freebsd-questions@freebsd.org>;
	Fri, 24 Aug 2012 05:54:03 +0000 (UTC)
Received: from [31.186.37.179] (helo=rpi-1.marelmo.com)
	by uk1rly2283.eechost.net with esmtpa (Exim 4.72)
	(envelope-from <steve@sohara.org>) id 1T4mlx-0007wh-5g
	for freebsd-questions@freebsd.org; Fri, 24 Aug 2012 06:49:33 +0100
Received: from [192.168.63.1] (helo=steve.marelmo.com)
	by rpi-1.marelmo.com with smtp (Exim 4.72)
	(envelope-from <steve@sohara.org>) id 1T4mqk-0000Em-Is
	for freebsd-questions@freebsd.org; Fri, 24 Aug 2012 06:54:30 +0100
Date: Fri, 24 Aug 2012 06:53:59 +0100
From: Steve O'Hara-Smith <steve@sohara.org>
To: freebsd-questions@freebsd.org
Message-Id: <20120824065359.82c1dc4b.steve@sohara.org>
In-Reply-To: <B8CE39B4-6A1C-42CA-93FB-148CA392B4FA@my.gd>
References: <CAK0Kb5FfcKzjOoLLwM+TX+Z17ZBC-gVSBUtrZNF7Ufpxk1c7FA@mail.gmail.com>
	<20120823162621.ae92b733.steve@sohara.org>
	<B8CE39B4-6A1C-42CA-93FB-148CA392B4FA@my.gd>
X-Mailer: Sylpheed 3.1.3 (GTK+ 2.24.6; amd64-portbld-freebsd9.0)
X-Face: %]+HVL}K`P8>+8ZcY-WGHP6j@&mxMo9JH6_WdgIgUGH)JX/usO0%jy7T~IVgqjumD^OBqX,
	Kv^-GM6mlw(fI^$"QRKyZ$?xx/
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Auth-Info: 15567@permanet.ie (plain)
Subject: Re: implications of adding root to a group
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Aug 2012 05:54:03 -0000

On Thu, 23 Aug 2012 23:07:04 +0200
Damien Fleuriot <ml@my.gd> wrote:

> 
> On 23 Aug 2012, at 17:26, Steve O'Hara-Smith <steve@sohara.org> wrote:
> 
> > On Thu, 23 Aug 2012 07:51:10 -0700
> > Krims G <krimskrims@gmail.com> wrote:
> > 
> >> Hello, I've been looking at the /etc/group and have noticed that some
> >> groups have root included in them, for example "operator". Is it not
> >> implied that root has access to all things and groups? What is the
> >> purpose of adding root to a group? If I add root to some new arbitrary
> >> group, what does it result in differently than if I do not add root to
> >> that group?
> > 
> >    The root user has the ability to ignore file permissions, but not
> > the ability to subvert group membership tests in scripts or programs.
> > 
> > -- 
> > Steve O'Hara-Smith                          |   
> 
> 
> While I can compute what you wrote, I fail to see the implications.
> 
> Would you kindly explain in layman's terms ?

	Any script or program that checks group membership before
proceeding will execute for root regardless of permissions but won't do
anything (except emit a message) unless root is also a member of the
required group.
 
-- 
Steve O'Hara-Smith                          |   Directable Mirror Arrays
C:>WIN                                      | A better way to focus the sun
The computer obeys and wins.                |    licences available see
You lose and Bill collects.                 |    http://www.sohara.org/