On Tue, Oct 17, 2000 at 01:23:47AM +0200, Andreas Hetzmannseder wrote: > > Sorry, Ivan, I didn't make this very clear. I *do* want to use > Ctrl-Alt-Del. I just wanted to point out that it is behaving > differently, since I have '/etc/shutdown.allow'. Now I have to be logged > in at least as a normal user - that wasn't the case before...
normally anyone whether anyone is logged into the console or not can press control alt delete and reboot the system (if you have that line in inittab) adding shutdown.allow changes this so that control-alt-delete only works when a listed user is logged into any of the console ttys. if none are logged in then control-alt-delete is disabled. > Now when I type 'shutdown -a -h now' it still tells me, I have to be > root. It looks like I have to set a SUID-flag. But I would prefer a > better solution. Otherwise: What would 'shutdown.allow' be good for? you could do two different things: add a group `shutdown' and add any authorised users to this group and do a chgrp shutdown /sbin/shutdown && chmod 4754 /sbin/shutdown. or use sudo. i highly reccomend sudo over making shutdown suid. making shutdown suid allows users in that group to call shutdown with whatever arguments they want, which is not a good thing. with sudo you can give specific users the ability to run ONLY "shutdown -h now" with only those exact arguments and no other. then you would run instead: sudo shutdown -h now here is the relevant lines to put in /etc/sudoers (use visudo): Cmnd_Alias SHUTDOWN=/sbin/shutdown -h now Cmnd_Alias REBOOT=/sbin/shutdown -r now username hostname=SHUTDOWN,REBOOT or if you don't want the user password to be required: username hostname=NOPASSWD: SHUTDOWN,REBOOT just be sure to use visudo to edit sudoers it will check your syntax properly. if you don't like the editor it runs (probably vi) then export EDITOR=whatever -- Ethan Benson http://www.alaska.net/~erbenson/
pgp7ZaeVi0BtZ.pgp
Description: PGP signature
