On Sun, 2013-09-08 at 03:44 +0100, Ken Moffat wrote:
>
> For a safer system, limiting privileges is a good idea. To shut
> down a *desktop* box, I'm happy using a hack to let a user run
> 'shutdown' - but I'm the only user of those machines, and I can
> only run the user shutdown script from a tty (not an xterm, nor when
> using ssh to connect to a system). Some other people use 'sudo' and
> allow (some) normal users to shutdown, others run desktop
> environments where ConsoleKit gives permissions to whoever is at the
> physical machine. Every alternative method has its own advantages
> and disadvantages.

I've seen ways of tricking ConsoleKit before; I just use whatever my distro uses, as they fix known vulnerabilities with the method they offer. For my LFS system, this is probably not the best solution, but I just have a cron job running as root once a minute that looks for /tmp/shutdown and /tmp/reboot and then executes the appropriate command if either exists. That means anyone who has write access to /tmp can shut down or reboot, but I'm the only user. That way, though, I don't have to use either sudo (I dislike sudo) or su to root.
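
The exposure noted in the message above (anyone who can write to /tmp can trigger a shutdown or reboot) can be narrowed by having the root cron job check who created the flag file. This is an added example, not part of the original message; `ALLOWED_UID`, `FLAG_DIR` and the function names are assumptions, and it relies on GNU `stat` and on /tmp having the sticky bit set.

```shell
#!/bin/sh
# Added example (not from the original post): body of a root cron job that
# honours /tmp/shutdown and /tmp/reboot only when one allowed user made them.
# ALLOWED_UID and FLAG_DIR are assumed values; adjust for the local system.
ALLOWED_UID="${ALLOWED_UID:-1000}"
FLAG_DIR="${FLAG_DIR:-/tmp}"

# flag_ok PATH UID: succeed only if PATH is a regular file, is not a
# symlink, and is owned by UID.
flag_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    owner=$(stat -c '%u' "$1" 2>/dev/null) || return 1
    [ "$owner" = "$2" ]
}

# pending_action DIR UID: print "reboot", "shutdown" or nothing.
# Every flag found is removed, accepted or not, so a rejected flag does not
# linger. If both valid flags exist, shutdown takes precedence.
pending_action() {
    action=""
    for name in reboot shutdown; do
        path="$1/$name"
        [ -e "$path" ] || [ -L "$path" ] || continue
        if flag_ok "$path" "$2"; then action="$name"; fi
        rm -f -- "$path"
    done
    printf '%s' "$action"
}

# Only act when called as "script --run" (the form the crontab entry uses),
# so the functions can be sourced and exercised without side effects.
if [ "${1:-}" = "--run" ]; then
    case "$(pending_action "$FLAG_DIR" "$ALLOWED_UID")" in
        reboot)   /sbin/shutdown -r now ;;
        shutdown) /sbin/shutdown -h now ;;
    esac
fi
```

With the sticky bit on /tmp, another local user cannot replace or delete a flag file owned by the allowed user, and a flag they create themselves fails the owner check.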