Blake Barnett <[EMAIL PROTECTED]> writes:

> Can't you give a group sudo access? If so, just add everyone to a group
> and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.

That's exactly what my sudo setup does right now. The problem is that
apparently *everyone* needs to be able to shut down the machine (for
reasons that are beyond me). Adding accounts on an as-needed basis is
fine with me, but I don't fancy creating, oh, 250+ password-protected
accounts just to meet policy.

> Or you could write your own script which wraps around halt/shutdown and
> logs what it's doing via logger or syslog...
>
> On Tue, 2001-11-27 at 17:51, Olaf Meeuwissen wrote:
> > Dear .debs,
> >
> > I'm maintaining a (small-time) group server for our department. In
> > order to satisfy company policy requirements I need to provide a way
> > to shut down the server in case of emergencies. Our network admin was
> > kind enough to give me two alternatives:
> >
> > 1) provide an on-screen shutdown button
> > 2) provide a shutdown user account (and document its usage)
> >
> > I didn't like either approach because they lack accountability: after
> > a shutdown I can't tell *who* did it.
> > BTW, the server has no screen for buttons, so 1) is not an option to
> > begin with. You have to ssh in to do anything (exploiting one of inetd,
> > exim, samba or apache in some way may be an alternative ;-).
> >
> > I came up with a 'sudo /sbin/halt' for department members (and others
> > on an as-needed basis), but that was no good. Everyone has to be able
> > to shut it down. I racked my brains but didn't come up with anything
> > that provides accountability. Anyone any suggestions?
> >
> > Right now, I'm stuck with 2) and writing the password on the machine
> > (or similar) *or* stay with what I have now and take my chances with
> > people flicking the power switch.
> > BTW, the server is not in a physically secure location, so I run the
> > power switch thingy risk anyway.
> >
> > Suggestions, discussions of pros and cons welcome,
> > --
> > Olaf Meeuwissen       Epson Kowa Corporation, Research and Development
> > GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90
> > LPIC-2 -- I hack, therefore I am -- BOFH
> --
> Blake Barnett (bdb) <[EMAIL PROTECTED]>
> Sr. Unix Administrator
> DevelopOnline.com office: 480-377-6816
>
> "Do, or do not. There is no try." --Yoda

--
Olaf Meeuwissen       Epson Kowa Corporation, Research and Development
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90
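
The wrapper idea quoted above (a script around halt/shutdown that logs via logger), sketched as an added example that is not code from either poster. The script name `logged-halt`, its install path and the `shutdown` group in the sudoers comment are assumptions; it still relies on each person having an account that can run sudo.

```shell
#!/bin/sh
# logged-halt: hypothetical wrapper around /sbin/shutdown (name and path assumed).
# Assumed sudoers entry, with "shutdown" as a made-up group name:
#   %shutdown ALL = /usr/local/sbin/logged-halt
set -u

# Make the free-text reason safe for a single syslog line: control characters
# (including newlines, which could forge extra log entries) become spaces,
# double quotes become single quotes, and the length is capped.
sanitize_reason() {
    printf '%s' "$1" | LC_ALL=C tr -c '[:print:]' ' ' | tr '"' "'" | cut -c1-200
}

# Build the audit line. SUDO_USER and SUDO_UID are set by sudo and identify
# the account that invoked it, not root.
audit_record() {
    user=${SUDO_USER:-$(id -un)}
    uid=${SUDO_UID:-$(id -u)}
    term=$(tty 2>/dev/null) || term=none
    printf 'shutdown requested by user=%s uid=%s tty=%s reason="%s"' \
        "$user" "$uid" "$term" "$(sanitize_reason "$1")"
}

main() {
    if [ "$#" -lt 1 ]; then
        echo "usage: sudo logged-halt REASON" >&2
        exit 2
    fi
    record=$(audit_record "$*")
    # Log before acting. A failed syslog write is reported but does not block
    # the shutdown, since this is the emergency path.
    logger -p auth.notice -t logged-halt "$record" ||
        echo "logged-halt: could not write to syslog: $record" >&2
    exec /sbin/shutdown -h now "$record"
}

# Run only when installed under its own name, so the functions can be sourced.
case "${0##*/}" in
    logged-halt) main "$@" ;;
esac
```

Forwarding the auth facility to a remote syslog host keeps the record available after the machine itself is down.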