The group "operator" gatekeeps a few superuser abilities (dumping disks,

manipulating tape drives -> means gid operator on device nodes).  This group
is also used with group-access bit on the setuid-root shutdown command
(mode ug+x,u+s).  Some people use this to shutdown/reboot their machines, but
use of that group is giving them disk read access also, which is wrong.
It would be a pain to re-gid all the device nodes, so instead let's renumber
the operator execution gid into group "_shutdown".
Users using this shutdown/reboot functionality will notice it no longer works,
and move themselves to the correct group.
Various choices discussed at large, this seems our best choice.
ok sthen

0 files changed, 0 insertions, 0 deletions