On Tue, Jan 03, 2006 at 07:04:36PM +0100, Joachim Schipper wrote: > On Tue, Jan 03, 2006 at 12:45:46PM -0500, Michael Erdely wrote: > > Add dad to the operator group which can run /sbin/shutdown without sudo. > > That's not a very good idea. > > $ ls -la /dev/wd* > brw-r----- 1 root operator 0, 0 Nov 2 18:20 /dev/wd0a > brw-r----- 1 root operator 0, 1 Nov 2 18:20 /dev/wd0b > brw-r----- 1 root operator 0, 2 Nov 2 18:20 /dev/wd0c > <more> > brw-r----- 1 root operator 0, 15 Nov 2 18:20 /dev/wd0p > brw-r----- 1 root operator 0, 16 Nov 2 18:19 /dev/wd1a > <and so on> > > And operator has more priviliges; more than enough to trash the system, > if he wants to, or to get root, if he is somewhat skilled. Far better to > just change a single line in /etc/sudoers.
while i don't disagree with your advice, could you still advice me on messing things up with operator privileges, as i'm curious... because i can't see how being able to read disks will give out enough information to do either Juha
