Return to group CVS log

Up to [local] / src / etc

The group "operator" gatekeeps a few superuser abilities (dumping disks,
manipulating tape drives -> means gid operator on device nodes).  This group
is also used with group-access bit on the setuid-root shutdown command
(mode ug+x,u+s).  Some people use this to shutdown/reboot their machines, but
use of that group is giving them disk read access also, which is wrong.
It would be a pain to re-gid all the device nodes, so instead let's renumber
the operator execution gid into group "_shutdown".
Users using this shutdown/reboot functionality will notice it no longer works,
and move themselves to the correct group.
Various choices discussed at large, this seems our best choice.
ok sthen

wheel:*:0:root
daemon:*:1:daemon
kmem:*:2:root
sys:*:3:root
tty:*:4:root
operator:*:5:root
bin:*:7:
wsrc:*:9:
users:*:10:
auth:*:11:
games:*:13:
staff:*:20:root
wobj:*:21:
sshd:*:27:
_portmap:*:28:
_identd:*:29:
_rstatd:*:30:
guest:*:31:root
_rusersd:*:32:
_fingerd:*:33:
_sshagnt:*:34:
_x11:*:35:
utmp:*:45:
_unwind:*:48:
_traceroute:*:50:
_ping:*:51:
_unbound:*:53:
_dpb:*:54:
_pbuild:*:55:
_pfetch:*:56:
_pkgfetch:*:57:
_pkguntar:*:58:
_spamd:*:62:
_radius:*:63:
_token:*:64:
_shadow:*:65:
crontab:*:66:
www:*:67:
_isakmpd:*:68:
network:*:69:
_rpki-client:*:70:
_bgplgd:*:71:
authpf:*:72:
_syslogd:*:73:
_pflogd:*:74:
_bgpd:*:75:
_tcpdump:*:76:
_dhcp:*:77:
_mopd:*:78:
_tftpd:*:79:
_rbootd:*:80:
_ppp:*:82:
_ntp:*:83:
_ftp:*:84:
_ospfd:*:85:
_hostapd:*:86:
_dvmrpd:*:87:
_ripd:*:88:
_relayd:*:89:
_ospf6d:*:90:
_snmpd:*:91:
_agentx:*:92:
_ypldap:*:93:
_rad:*:94:
_smtpd:*:95:
_rwalld:*:96:
_nsd:*:97:
_ldpd:*:98:
_sndio:*:99:
_ldapd:*:100:
_iked:*:101:
_iscsid:*:102:
_smtpq:*:103:
_file:*:104:
_radiusd:*:105:
_eigrpd:*:106:
_vmd:*:107:
_tftp_proxy:*:108:
_ftp_proxy:*:109:
_sndiop:*:110:
_syspatch:*:112:
_slaacd:*:115:
dialer:*:117:
_shutdown:*:118:
nogroup:*:32766:
nobody:*:32767: