On Wed, Aug 22, 2018 at 06:38:11PM -0700, Chris Bennett wrote:
> Well, there are probably additional reasons too, but my father happily
> runs OpenBSD. Of course, he needs to be able to turn the computer off.

I would recommend using doas(1) to grant 'shutdown' to a particular user.

You don't want to run a web browser from an account in the operator group.
The operator group grants permissions far beyond turning the computer off.

The group has read access to raw disk devices. Applications running as
operator can bypass filesystem permissions by reading raw disk blocks.

$ ls -l /dev/sd0a
brw-r----- 1 root operator - 4, 0 Apr 5 22:02 /dev/sd0a

This means for instance that secrets stored in /etc are exposed.
Password hashes, letsencrypt account keys and certs, smtp auth passwords,
wifi passwords, VPN secrets, ...

My understanding is that operator was introduced at a time when taking
system backups required the computer to wait for tapes being swapped by
a human. These operators didn't need root but were trusted with sensitive
data.
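As an added example that is not part of the original message, this sh script lists the accounts that are in operator, either as a supplementary member in the group file or through their primary gid in the passwd file, and prints a doas.conf(5) rule that grants each one only shutdown(8). The function names and the sample accounts alice and bob are constructed for illustration; the rule as written asks for the user's password.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.

# group_members GROUP [GROUP_FILE] [PASSWD_FILE]
# Print accounts in GROUP: supplementary members from the group file plus
# accounts whose primary gid (passwd field 4) is that group's gid.
group_members() {
    awk -F: -v grp="$1" '
        FNR == NR {                      # first file: group database
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }   # second file: passwd
        END { for (u in seen) print u }
    ' "${2:-/etc/group}" "${3:-/etc/passwd}" | sort
}

# doas_rule USER: doas.conf(5) line that lets USER run shutdown(8) as root.
doas_rule() {
    printf 'permit %s as root cmd /sbin/shutdown\n' "$1"
}

# report [GROUP_FILE] [PASSWD_FILE]: flag non-root members of operator.
report() {
    for u in $(group_members operator "$@"); do
        [ "$u" = root ] && continue      # root already has full access
        printf '%s: in operator, can read raw disks; narrower grant:\n    %s\n' \
            "$u" "$(doas_rule "$u")"
    done
}

# Constructed sample databases so the example runs on any system.
demo() {
    d=$(mktemp -d) || return 1
    printf 'wheel:*:0:root\noperator:*:5:root,alice\n' > "$d/group"
    printf 'root:*:0:0::/root:/bin/ksh\n' > "$d/passwd"
    printf 'alice:*:1000:1000::/home/alice:/bin/ksh\n' >> "$d/passwd"
    printf 'bob:*:1001:5::/home/bob:/bin/ksh\n' >> "$d/passwd"
    report "$d/group" "$d/passwd"
    rm -rf "$d"
}

demo
```

Calling `report` with no arguments reads /etc/group and /etc/passwd on the running system instead of the constructed sample.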