File: [local] / src / sbin / shutdown / Makefile (download)
Revision 1.4, Mon Jun 19 13:05:25 2023 UTC (11 months, 3 weeks ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, HEAD
Changes since 1.3: +2 -2 lines
The group "operator" gatekeeps a few superuser abilities (dumping disks,
manipulating tape drives -> means gid operator on device nodes). This group
is also used with group-access bit on the setuid-root shutdown command
(mode ug+x,u+s). Some people use this to shutdown/reboot their machines, but
use of that group is giving them disk read access also, which is wrong.
It would be a pain to re-gid all the device nodes, so instead let's renumber
the operator execution gid into group "_shutdown".
Users using this shutdown/reboot functionality will notice it no longer works,
and move themselves to the correct group.
Various choices discussed at large, this seems our best choice.
ok sthen
|
![[BACK]](/icons/back.gif){kind=icon}
Return to Makefile CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / sbin / shutdown