The group "operator" gatekeeps a few superuser abilities (dumping disks,
manipulating tape drives -> means gid operator on device nodes). This group
is also used with group-access bit on the setuid-root shutdown command
(mode ug+x,u+s). Some people use this to shutdown/reboot their machines, but
use of that group is giving them disk read access also, which is wrong.
It would be a pain to re-gid all the device nodes, so instead let's renumber
the operator execution gid into group "_shutdown".
Users using this shutdown/reboot functionality will notice it no longer works,
and move themselves to the correct group.
Various choices discussed at large, this seems our best choice.
ok sthen
projects / openbsd / commit