On Thu, Dec 9, 2010 at 22:46, Adam Vande More <amvandem...@gmail.com> wrote: > shutdown also give operator more possibilities than a clean shutdown some > which could be very bad. >
I haven't thought about the situation in any detail, but nothing jumps out at me from the manpage. You could do a denial of service thing by kicking people off or endlessly rebooting the system, but intervention to stop that should be easy enough. With reboot, you could require fsck of the filesystem, plus any fallout from databases not stopping properly, etc. Of course, this is all (or should be) academic, since people in "limited" admin groups like operator should be presumed able to escalate to root. I think operator is allowed to run dump, among other things. A big Windows security flaw is adding people to "Power Users," as if that stops anything beyond clumsy mistakes. -- Rob Farmer _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
