From owner-freebsd-questions@FreeBSD.ORG Wed Jan 3 23:51:39 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BED1C16A416 for ; Wed, 3 Jan 2007 23:51:39 +0000 (UTC) (envelope-from chris@childeric.freeserve.co.uk) Received: from smtp-out5.blueyonder.co.uk (smtp-out5.blueyonder.co.uk [195.188.213.8]) by mx1.freebsd.org (Postfix) with ESMTP id 5648013C45A for ; Wed, 3 Jan 2007 23:51:39 +0000 (UTC) (envelope-from chris@childeric.freeserve.co.uk) Received: from [172.23.170.141] (helo=anti-virus02-08) by smtp-out5.blueyonder.co.uk with smtp (Exim 4.52) id 1H2FtS-0006vu-Ff for freebsd-questions@freebsd.org; Wed, 03 Jan 2007 23:51:38 +0000 Received: from [82.35.115.93] (helo=[192.168.10.60]) by asmtp-out6.blueyonder.co.uk with esmtpa (Exim 4.52) id 1H2FtR-00033H-S2 for freebsd-questions@freebsd.org; Wed, 03 Jan 2007 23:51:38 +0000 Message-ID: <459C4185.7090809@childeric.freeserve.co.uk> Date: Wed, 03 Jan 2007 23:51:33 +0000 From: Chris Whitehouse User-Agent: Thunderbird 1.5 (X11/20060417) MIME-Version: 1.0 To: FreeBSD Questions References: <4597CCA6.3080404@childeric.freeserve.co.uk> <8a0028260612311143o4a843c5r55ad49fa901a077a@mail.gmail.com> <8a0028260701021422q71ee7a6by78fb4b773ec34688@mail.gmail.com> In-Reply-To: <8a0028260701021422q71ee7a6by78fb4b773ec34688@mail.gmail.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: Fwd: what is operator group for? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Jan 2007 23:51:39 -0000 Jeff Rollin wrote: > ---------- Forwarded message ---------- > From: Jeff Rollin > Date: 31-Dec-2006 19:43 > Subject: Re: what is operator group for? > To: Chris Whitehouse > > > > On 31/12/06, Chris Whitehouse wrote: >> >> Hi all >> >> I sent this once already but didn't see it come back, sorry if it has >> appeared twice. > > > AFAIK it has only come up once, so that's OK. > > can anyone tell me what the operator group is for, or docs where I can >> read about it? I see that /sbin/shutdown and /sbin/mk_snap_ffs are both >> executable by members and various things in /dev/ are mountable by them. > > > Originally things were set up that way so that people in the "operator" > group could mount disks and tapes, shut the machine off, etc. root would do > the system administration itself (removing rootkits, etc.) > > Well, when I say "originally" I mean "when the operator group was added to > the system". I don't think it existed in early versions of UNIX. > > Jeff > > Sorry for all the random appearances of this post, I posted once and it didn't appear, so I posted again a couple of days later, then my posts plus replies plus an offline reply and so recursively came at various times. Summary of replies in case anyone else is looking: perryh@pluto.rain.com My understanding is that group "operator" is intended for those who deal with devices, e.g. running backups and monitoring printers. With the usual permission settings, you are also allowing them to read disks directly (e.g. with dump(8)), and thus to read any file on the system -- including the system's and other users' private key files. One alternative is sudo. gs_stoller@juno.com > My understanding is that group "operator" is intended for those who > deal with devices, e.g. running backups and monitoring printers. The answer above is correct. I found the operator "group" described in "Essential System Administration" by AEleen Frisch which is published by O'Reilly & Associates, Inc. Thanks everybody for answers Chris