Subject: Re: What's in my swap
To: Geert Hendrickx <ghen@netbsd.org>
From: matthew sporleder <msporleder@gmail.com>
List: current-users
Date: 08/02/2006 08:54:08
On 8/2/06, Geert Hendrickx <ghen@netbsd.org> wrote:
> On Wed, Aug 02, 2006 at 02:39:01PM +0200, Johnny Billquist wrote:
> > Well, what did you expect when you added them to the operator group?  The
> > operator has read access to the raw devices. Security "risk"? You bet!
> > An operator can read anything on a disk. They need to, in order to make a
> > backup!
>
> Then I think either:
>
> - an exception should be made for *b devices, as swap is never backed up
> - we should create separate groups to implement shutdown(8) and backup
>   privileges.
>
>         Geert
>

Now you're starting to get into fancy ACLs and RBAC.  Good luck :)