Subject: Re: NetBSD 1.5.2 default configuration
To: None <tech-security@netbsd.org>
From: Simon Burge <simonb@wasabisystems.com>
List: tech-security
Date: 02/04/2002 00:29:46
matthew green wrote:

> i also really think we should remove the set-id bit on /bin/df.
> any one object to this?

Unmounted filesystems are the domain of the sysadmin-type-person, and so
to my way of thinking being able to access info about those filesystems
should require the same privileges that are needed to operate on otherwise
unmounted filesystems.  Note that anyone doing this may well be in group
"operator" already, so they'll already be able to read the disk devices
and losing the setgid bit won't make a difference to them.

I also think that same reasoning applies to /sbin/ccdconfig.  Other
diskish commands (disklabel, raidctl and vnconfig come to mind) don't
have extra permissions to allow normal unprivileged users to run them,
and I'm not sure why ccdconfig should be special in this regard.

Simon.
--
Simon Burge                            <simonb@wasabisystems.com>
NetBSD CDs, Support and Service:    http://www.wasabisystems.com/
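As an added example (not code from this thread or from NetBSD), a POSIX sh audit that lists the set-id executables under a directory and drops the setgid bit from a named binary, verifying the result, which is the change proposed above for /bin/df. It assumes find(1) and chmod(1), takes paths from the caller, and uses a constructed temporary tree in place of /bin.

```shell
#!/bin/sh
# Added example, not from the thread: audit set-id executables under a
# directory and clear the setgid bit on one of them, checking it took.
# Assumes a POSIX sh with find(1) and chmod(1); paths are caller-supplied.

# List regular files under $1 carrying the setuid or setgid bit, one per line.
find_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# Describe the set-id bits on $1: "setuid", "setgid", "setuid,setgid" or "none".
setid_bits() {
    bits=
    if [ -u "$1" ]; then
        bits=setuid
    fi
    if [ -g "$1" ]; then
        bits="${bits:+$bits,}setgid"
    fi
    printf '%s\n' "${bits:-none}"
}

# Clear the setgid bit on $1 (the proposed change for /bin/df) and fail
# if the bit is still set afterwards.
drop_setgid() {
    chmod g-s "$1" || return 1
    [ ! -g "$1" ]
}

# Demonstration on a constructed tree: a fake "df" that is setgid and a
# fake "ls" that is not, standing in for binaries under /bin.
demo_dir=$(mktemp -d)
touch "$demo_dir/df" "$demo_dir/ls"
chmod 2555 "$demo_dir/df"
chmod 0555 "$demo_dir/ls"
printf 'set-id files before: %s\n' "$(find_setid "$demo_dir")"
printf 'df bits before: %s\n' "$(setid_bits "$demo_dir/df")"
drop_setgid "$demo_dir/df"
printf 'df bits after: %s\n' "$(setid_bits "$demo_dir/df")"
printf 'set-id files after: %s\n' "$(find_setid "$demo_dir")"
rm -rf "$demo_dir"
```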