Date: Wed, 03 Jan 2007 23:51:33 +0000 From: Chris Whitehouse <chris@childeric.freeserve.co.uk> To: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Fwd: what is operator group for? Message-ID: <459C4185.7090809@childeric.freeserve.co.uk> In-Reply-To: <8a0028260701021422q71ee7a6by78fb4b773ec34688@mail.gmail.com> References: <4597CCA6.3080404@childeric.freeserve.co.uk> <8a0028260612311143o4a843c5r55ad49fa901a077a@mail.gmail.com> <8a0028260701021422q71ee7a6by78fb4b773ec34688@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Jeff Rollin wrote: > ---------- Forwarded message ---------- > From: Jeff Rollin <jeff.rollin@gmail.com> > Date: 31-Dec-2006 19:43 > Subject: Re: what is operator group for? > To: Chris Whitehouse <chris@childeric.freeserve.co.uk> > > > > On 31/12/06, Chris Whitehouse <chris@childeric.freeserve.co.uk> wrote: >> >> Hi all >> >> I sent this once already but didn't see it come back, sorry if it has >> appeared twice. > > > AFAIK it has only come up once, so that's OK. > > can anyone tell me what the operator group is for, or docs where I can >> read about it? I see that /sbin/shutdown and /sbin/mk_snap_ffs are both >> executable by members and various things in /dev/ are mountable by them. > > > Originally things were set up that way so that people in the "operator" > group could mount disks and tapes, shut the machine off, etc. root would do > the system administration itself (removing rootkits, etc.) > > Well, when I say "originally" I mean "when the operator group was added to > the system". I don't think it existed in early versions of UNIX. > > Jeff > > Sorry for all the random appearances of this post, I posted once and it didn't appear, so I posted again a couple of days later, then my posts plus replies plus an offline reply and so recursively came at various times. Summary of replies in case anyone else is looking: perryh@pluto.rain.com My understanding is that group "operator" is intended for those who deal with devices, e.g. running backups and monitoring printers. With the usual permission settings, you are also allowing them to read disks directly (e.g. with dump(8)), and thus to read any file on the system -- including the system's and other users' private key files. One alternative is sudo. gs_stoller@juno.com > My understanding is that group "operator" is intended for those who > deal with devices, e.g. running backups and monitoring printers. The answer above is correct. I found the operator "group" described in "Essential System Administration" by AEleen Frisch which is published by O'Reilly & Associates, Inc. Thanks everybody for answers Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?459C4185.7090809>