Inspired by a recent post http://marc.info/?l=openbsd-misc&m=118999679514195 I was wondering if the participants in misc@openbsd.org would help me brainstorm. I want to give the operator group greater permissions than it currently has, so that any member of the group can perform most of the basic actions of a system administrator or desktop/laptop owner, without resorting to sudo.
Of course, this is not without some risk, but the acid test I will use is: (1) Is permission to perform the action required by most desktop/laptop owners and low-level system administrators during routine or everyday work? (2) If "yes", then does permitting the operator group to perform this action expose the system to no more risk than permitting the individual to perform the action with sudo? The idea is that if almost everybody is giving themselves these permissions with sudo, then we might as well automatically grant these permissions to members of the operator group. The first thing on my wish-list is greater device access. The operator should have read/write access to many of the devices in /dev, especially USB drives, tape drives, and CD drives. This could be accomplished by giving the devices operator ownership. But which devices shouldn't the operator have read/write access to? And then there is CD/DVD burning. What permissions does an operator need to burn a CD or DVD (with cdrecord or growisofs) without logging in as root?
