On Tue, 23 Dec 2008, per...@pluto.rain.com wrote:
> > The only other thing being in group operator lets you run,
> > apart from what you've added into /etc/devfs.{conf,rules} is
> > /sbin/mksnap_ffs ..
>
> In a default devfs config, it grants read permission to
> the disk devices (presumably to enable running dump(8)).
True, so if Gilles' dad really wants to run dump, he most likely can.
The .snap directory in the root of a (mounted) file system to be dumped
has owner root, group operator, mode 0770 - paraphrasing from dump(8) -
and then he'd need mount and write permissions on the dump destination.
Doesn't sound too risky if Gilles trusts him enough to run shutdown :)
cheers, Ian
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
