From 1105dba72eac676a382118686dc491cc5e949794 Mon Sep 17 00:00:00 2001 From: deraadt Date: Mon, 19 Jun 2023 13:05:25 +0000 Subject: [PATCH] The group "operator" gatekeeps a few superuser abilities (dumping disks, manipulating tape drives -> means gid operator on device nodes). This group is also used with group-access bit on the setuid-root shutdown command (mode ug+x,u+s). Some people use this to shutdown/reboot their machines, but use of that group is giving them disk read access also, which is wrong. It would be a pain to re-gid all the device nodes, so instead let's renumber the operator execution gid into group "_shutdown". Users using this shutdown/reboot functionality will notice it no longer works, and move themselves to the correct group. Various choices discussed at large, this seems our best choice. ok sthen --- etc/group | 1 + sbin/shutdown/Makefile | 4 ++-- sbin/shutdown/shutdown.8 | 13 +++++++++++-- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/etc/group b/etc/group index 30c4313d292..55db71f9096 100644 --- a/etc/group +++ b/etc/group @@ -81,5 +81,6 @@ _sndiop:*:110: _syspatch:*:112: _slaacd:*:115: dialer:*:117: +_shutdown:*:118: nogroup:*:32766: nobody:*:32767: diff --git a/sbin/shutdown/Makefile b/sbin/shutdown/Makefile index a4fb13e8fd9..d2d1138f286 100644 --- a/sbin/shutdown/Makefile +++ b/sbin/shutdown/Makefile @@ -1,9 +1,9 @@ -# $OpenBSD: Makefile,v 1.3 1997/09/21 11:38:13 deraadt Exp $ +# $OpenBSD: Makefile,v 1.4 2023/06/19 13:05:25 deraadt Exp $ PROG= shutdown MAN= shutdown.8 BINOWN= root -BINGRP= operator +BINGRP= _shutdown BINMODE=4550 .include diff --git a/sbin/shutdown/shutdown.8 b/sbin/shutdown/shutdown.8 index 5f6ae5624e8..275c5563712 100644 --- a/sbin/shutdown/shutdown.8 +++ b/sbin/shutdown/shutdown.8 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: shutdown.8,v 1.43 2023/02/04 13:03:58 jsg Exp $ +.\" $OpenBSD: shutdown.8,v 1.44 2023/06/19 13:05:25 deraadt Exp $ .\" $NetBSD: shutdown.8,v 1.6 1995/03/18 15:01:07 cgd Exp $ .\" .\" Copyright (c) 1988, 1991, 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)shutdown.8 8.1 (Berkeley) 6/5/93 .\" -.Dd $Mdocdate: February 4 2023 $ +.Dd $Mdocdate: June 19 2023 $ .Dt SHUTDOWN 8 .Os .Sh NAME @@ -54,6 +54,15 @@ command is issued without options, the system is placed in single user mode at the indicated time after shutting down all system services. .Pp +Users in the +.Va _shutdown +group can also run the +.Nm +command. +Historically this permission was tied to the +.Va operator +group. +.Pp The options are as follows: .Bl -tag -width Ds .It Fl d -- 2.20.1
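Review bot: In the etc/group hunk, the new `_shutdown:*:118:` entry ships with an empty member list, and nothing in the patch carries over accounts that relied on operator membership to run shutdown, so those accounts lose the ability after the upgrade with no notice other than the failure itself. The commit message accepts this, but it deserves an upgrade-notes entry telling administrators to add the affected accounts to _shutdown, and to remove them from operator if shutdown was the only reason they were in it, since that removal is what actually takes away the unintended disk read access.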
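Review bot: In the sbin/shutdown/Makefile hunk, `BINGRP= _shutdown` makes the install step depend on the group already being present in the installing system's group file; on a tree that is updated without merging etc/group first, setting the group on the installed binary will fail on the unknown name. The required ordering (merge etc/group, then install shutdown) should be stated alongside the change. Since `BINMODE=4550` is left as it was, group membership remains the only gate on a setuid-root binary, so _shutdown should be described as a privileged group wherever it is documented.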
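Review bot: In the paragraph added to shutdown.8 (the hunk at -54,6 +54,15), "Historically this permission was tied to the operator group" does not say that operator membership no longer grants it, which is the behaviour change an administrator needs to find in the manual. Suggest stating it directly, for example "Membership in the operator group no longer permits this." Also, "can also run" has no antecedent in the visible context, so name who else may run the command.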