On Wed, Mar 06, 2002 at 04:11:44PM -0500, dman wrote: > > I want to allow my dad to shut down the router/gateway. I want to do > this by creating a login name "halt" that simply shuts down. I did > this by making /sbin/halt the shell. As I understand it, only root is > allowed to halt a system, so I made halt owned by root:halt with > permissions 4754. This works, but I am interested in comments on the > pros/cons of this setup. In addition, I want to disallow loggin in as > 'halt' via ssh. How can I do that?
Since you say that you want to disallow ssh access, I assume your dad has physical access to the console, correct? Just have him go to a text console (Ctrl-Alt-F1) if the router is, for some reason, in X, then hit ctrl-alt-del. The default action in Debian is to reboot (which would actually work - just let it reboot, then power down before the OS loads), but you can change that by editing the lines in /etc/inittab which say: # What to do when CTRL-ALT-DEL is pressed. ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now and changing the -r (reboot) to -h (halt) and you don't need to create a funky user or mess with /sbin/halt's permissions at all. But, to answer the question you asked, you can use AllowUsers or DenyUsers commands in /etc/sshd_config to control which users are allowed to connect via ssh. -- When we reduce our own liberties to stop terrorism, the terrorists have already won. - reverius Innocence is no protection when governments go bad. - Tom Swiss
