Request diff between arbitrary revisions
Default branch: MAIN
Current tag: OPENBSD_7_4_BASE
Revision 1.99 / (download) - annotate - [select for diffs], Mon Jun 19 13:05:25 2023 UTC (11 months, 1 week ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
HEAD
Changes since 1.98: +1 -0 lines
Diff to previous 1.98 (colored)
The group "operator" gatekeeps a few superuser abilities (dumping disks, manipulating tape drives -> means gid operator on device nodes). This group is also used with group-access bit on the setuid-root shutdown command (mode ug+x,u+s). Some people use this to shutdown/reboot their machines, but use of that group is giving them disk read access also, which is wrong. It would be a pain to re-gid all the device nodes, so instead let's renumber the operator execution gid into group "_shutdown". Users using this shutdown/reboot functionality will notice it no longer works, and move themselves to the correct group. Various choices discussed at large, this seems our best choice. ok sthen
![[BACK]](/icons/back.gif){kind=icon}