Subject: Re: secure, limited, privilege escalation (was: What's in my swap)
To: Geert Hendrickx <ghen@NetBSD.org>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: current-users
Date: 08/03/2006 16:21:05
On Thu, 3 Aug 2006 22:30:40 +0200, Geert Hendrickx <ghen@NetBSD.org> wrote:

> On Thu, Aug 03, 2006 at 04:12:41PM -0400, Greg A. Woods wrote:
> > > - we should create separate groups to implement shutdown(8) and backup
> > >   privileges.  
> > 
> > That's not so easy as it might seem.
> 
> Why not?  Currently, /sbin/shutdown is 4550 for root:operator, so only
> users in the operator group can execute it (with elevated privileges).
> It's as easy as chgrp'ing it to another group (say, "shutdown"), and adding
> users to that group.  
> 
And the same could be done with dump/restore, by having a setuid
root program, executable only by group operator, to exec() them.


		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
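As an added example (not code from this thread or from NetBSD), here is a minimal C wrapper of the kind described above: installed setuid root, mode 4550 root:operator, so only group operator can run it, and it only ever execs dump(8) with a fixed argument set. The path /sbin/dump and the allow-list of mount points are assumptions.

```c
/*
 * Added example: a setuid-root wrapper that execs dump(8) with a fixed
 * argument template. Install as root:operator mode 4550 so only members
 * of group operator may run it (assumed path and allow-list below).
 */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define DUMP_PATH "/sbin/dump"   /* assumed location of dump(8) */

/* Mount points an operator may dump; anything else is rejected. */
static const char *const allowed_fs[] = { "/", "/usr", "/var", NULL };

/* Return 1 if fs exactly matches an allow-listed mount point, else 0. */
int fs_allowed(const char *fs)
{
    for (int i = 0; allowed_fs[i] != NULL; i++)
        if (strcmp(allowed_fs[i], fs) == 0)
            return 1;
    return 0;
}

/* Build "dump -0u -f - <fs>" (level 0, update dumpdates, archive to
 * stdout). The caller picks only the filesystem, never the flags, so the
 * wrapper cannot be steered into writing elsewhere via -f. Returns argc,
 * or -1 if fs is not allowed; argv must have 6 slots. */
int build_dump_argv(const char *fs, const char *argv[])
{
    if (!fs_allowed(fs))
        return -1;
    argv[0] = "dump"; argv[1] = "-0u"; argv[2] = "-f"; argv[3] = "-";
    argv[4] = fs;     argv[5] = NULL;
    return 5;
}

int main(int argc, char *argv[])
{
    const char *dump_argv[6];
    /* Fixed environment: never inherit PATH, IFS or loader variables. */
    char *const envp[] = { "PATH=/sbin:/bin", NULL };
    if (argc != 2 || build_dump_argv(argv[1], dump_argv) < 0) {
        fprintf(stderr, "usage: dumpwrap { / | /usr | /var }\n");
        return 2;
    }
    execve(DUMP_PATH, (char *const *)dump_argv, envp);
    perror(DUMP_PATH);   /* reached only if execve failed */
    return 1;
}
```

The 4550 file mode is what enforces the group check; the wrapper's own job is to pin the program path, the environment and the argument list, because a caller who could pass arbitrary flags to a root dump or restore could read from or write to any file via -f.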