Operator group and reboot cmd
rank1seeker at gmail.com
rank1seeker at gmail.com
Tue Dec 19 02:54:24 UTC 2017
On Mon, 18 Dec 2017 20:19:58 +0000
Ben Woods <woodsb02 at gmail.com> wrote:
> On Tue, 19 Dec 2017 at 2:53 am, <rank1seeker at gmail.com> wrote:
>
> > 11.1 REL-p6
> >
> > As a non-root user and member of operator group, I was able to
> > issue a poweroff and shutdown commands (group set to operator), but
> > not a reboot (group set to wheel) command (Operation not permitted).
> >
> > I was able to reboot by:
> > $ shutdown -r now
> >
> > But to use reboot, cmd I had to:
> > # chgrp 5 /sbin/reboot
> > # chmod 4554 /sbin/reboot
> > Shouldn't this be set by default install?
> > # exit
> >
> > $ reboot
>
>
> I suspect this is deliberate because the reboot command does not give
> processes a proper chance to exit cleanly. Therefore, it makes sense
> if only those in the wheel group can use this big hammer, whilst
> operators must follow the proper shutdown model.
>
> From the reboot man page:
> https://man.freebsd.org/reboot
>
> “Normally, the shutdown(8) utility is used when the system needs to
> be halted or restarted, giving users advance warning of their
> impending doom and cleanly terminating specific programs.”
>
>
> Regards,
>
> Ben
Thanks Ben,
I'll have to investigate it, but in a meantime I've figured that it
auto affected:
-r-sr-xr-- 4 root operator /sbin/fastboot
-r-sr-xr-- 4 root operator /sbin/fasthalt
-r-sr-xr-- 4 root operator /sbin/halt
which means those are hardlinks and man proves it ...
More information about the freebsd-hackers
mailing list