On Tue, 23 Dec 2008, [email protected] wrote: > > The only other thing being in group operator lets you run, > > apart from what you've added into /etc/devfs.{conf,rules} is > > /sbin/mksnap_ffs .. > > In a default devfs config, it grants read permission to > the disk devices (presumably to enable running dump(8)).
True, so if Gilles' dad really wants to run dump, he most likely can. The .snap directory in the root of a (mounted) file system to be dumped has owner root, group operator, mode 0770 - paraphrasing from dump(8) - and then he'd need mount and write permissions on the dump destination. Doesn't sound too risky if Gilles trusts him enough to run shutdown :) cheers, Ian _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[email protected]"
