On Wednesday 31 December 2003 16:37, Dany wrote: > Thanks Harry for taking the time to answer my questions. I think based > on your comments it should work. > > Is there any security concern having a user belonging to the group > operator ?
I never really cared about. AnonFTP is owned by operator, but in general I think wheel is worse than operator. Please correct me anybody, I don't really care on my workstation ;) Best is to have a look through the (default) filesystem and see if operator has any write permissions where it was no good. I'm quiet sure wheel has much too much read permissions for "normal" users. But that doesn't matter for useres who can su ;) Happy new year, -Harry > > Thanks again > Dany > > Harald Schmalzbauer wrote: > >On Wednesday 31 December 2003 16:07, Dany wrote: > >>Harald Schmalzbauer wrote: > > > >*SNIP* > > > >>This is pretty much what I've tried. My user is in the Wheel group. > >>Would this exact configuration work ? Should I set any other > >>permission in order to have the user from the wheel group to mount > >> drives? > >> > >>Thanks for posting your configuration. > >> > >>PS: One thing I've noticed with this specific user, whenever he creates > >>something the file/directory will show owner:username group:username. > >>I've used the command "groups" as well as chpass I think and they gave > >>me only one group for this username... wheel. Why doesn't wheel appear > >>as the group owner for stuff that username is creating ? > > > >When you add a user with "adduser" by default FreeBSD creates a group > > similar named like the username. If you later say that this user should > > be in group wheel it's additional. > > > >>>>>>>added the following to /dev/devfs.conf > >>>>>>>link acd0 cdrom > >>>>>>>perm acd0 0660 > > > >This line just gives write access to group. You can either add the line: > >own acd0 root:wheel > > > >or you edit /etc/groups and add your user to the group operator. > >I'd prefere the latter. > > > >Here's my simple /etc/group example: > ># $FreeBSD: src/etc/group,v 1.28 2003/04/27 05:49:53 imp Exp $ > ># > >wheel:*:0:root,harry > >daemon:*:1: > >kmem:*:2: > >sys:*:3: > >tty:*:4: > >operator:*:5:root,harry > >mail:*:6: > >bin:*:7: > >news:*:8: > >man:*:9: > >games:*:13: > >staff:*:20: > >sshd:*:22: > >smmsp:*:25: > >mailnull:*:26: > >guest:*:31: > >bind:*:53: > >uucp:*:66: > >dialer:*:68: > >network:*:69: > >www:*:80: > >nogroup:*:65533: > >nobody:*:65534: > >harry:*:####: > >uli:*:####: > >schowi:*:####: > >administrator:*:####: > >alle:*:####:root,harry,uli,schowi,administrator > >setiathome:*:####: > > > >-Harry