Hello Sven, On Wednesday, September 26, 2001 at 5:22:03 PM, you wrote (at least in part):
>> my poor and quick testing showed me it could be possible to combine >> 'fakeroot' >> and 'shutdown'. Beside this I _know_ 'sudo' in combination with 'shutdown' >> does >> work. > Are you sure, i have not installed sudo here, but giving the user the right > rights in sudoers, will make it possible for you to use sudo and shutdown in > combination, i have added a gnome panel launcher with "sudo shutdown -h now" > as command to stop the box, and it worked, i would prefer to have it working > from the logout dialog, as it works for root. I'd also not prefer running it from panel because it may cause a lost of data if the gnome session get ended by a shutdown :-) But I'm quite sure "sudo shutdown" works. In that combination you can avoid the '-a' as root _is allowed_ to shutdown nevertheless, regardless if he 's in '/etc/shutdown.allow' and 'sudo' _makes_ this command running with UID=0 .-) >> I don't know if 'fakeroot' or 'sudo' even would help wiht this issue, as i >> don't know if 'gnome logged in' count's the same as 'tty logged in'. I do >> know >> 'ssh logged in' doesn't! >> As you want using automated login which opens _possible_ security holes (or >> toches security issues) I'd not use 'shutdown -a' for logout but only >> 'fakeroot/sudo shutdown' ... If I switch on the machine and am logged in, the >> check with '-a' if a valid /shutdown-allowed user is logged in is obsolete >> :-) > It is only a security risk if someone has phisical acces to the box, isn't it it is. > ? Since the user was previously running windows 98, this should not be a real > problem, but in the contrary, i think it is a good thing, since it lessens the > barrier to entry. Are there other issues i should know about ? I did not mentioned other issues, but what I intended to say was: shutdown -a checks if a valid/allowed user shuts down the machine. automated login plus allowing the user that becomes logged in automatically to shut down the machine makes the '-a' check obsolete. If the allowed user is loggin in automatically the '-a' check virtually can't fail :-) > Saddly, the gdm halt from the system menu is no more available with automatic > login, letting no easy way to switch off the box available, thus my > investigation in the gnome logout dialog, and the shutdown questions. it is. I don't know if default in /etc/inittab is with or without '-a' (as I don'T remember if I changed it *G*) but there are two possibilities: a line like this in /etc/inittab: ca:12345:ctrlaltdel:/sbin/shutdown -t1 -h now and the user can logout from gdm and finally press <Ctrl>+<Alt>+<Del> and the machine should halt. (-h) This way: ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -h now He has to be in /etc/shutdown.allow and press "<Ctrl>+<Alt>+F1", login with his/her normal login, and than user <Ctrl>+<Alt>+<Del> to shutdown the machine. No problem too. If you care 'bout him/her not understanding the act of 'Login' on console take the first line without '-a' and don't care about /etc/shutdown.allow. HTH -- Best regards Peter
