Very Computer

by **XYZ** » Sun, 15 Apr 2001 11:57:45

Hi,
I have 3 IBM's RS6000 AIX Version 4.3 43P Model Number 150. I have to
create a account to automatically shutdown the system. i.e. if Any user logs
into the account, remotely or locally, the system must immediately shutdown,
without allowing the user to do anything. I do not want to su to root or
login to root and then shutdown the system. We are using the CDE as our X
interface. We have created such a account, with the following attributes :-
login name "shutdown"
Primary Group :- System
Secondary Groups :- sys,bin,adm
User can remotely login :- Yes
User ID :- 207
Primary Shell :- ksh
The following lines have been added to the .profile file
Shutdown -h now
I have also tried to give the following command in the .profile file,
without any effect
sync;sync;sync;sync;sync;halt
But the problem is this that whenever the user logs in, the system does not
shutdown immediately, upon the login of the user. Rather the user can do
normal work as a normal user does. But this is creating a security headache
for me, as the user has system privileges(See the groups to which this user
belongs to).
If anybody knows what I am doing wrong and how to rectify it then their
suggestions will be appreciated. If anybody knows a different way how to
achive what I am trying to do, then his suggestions are also welcome.
Remember I do not want to login as root or su as root to shutdown the
system.
Thanks in advance,
--
Have a nice day
To mail me delete ".removethispart.", including the dots in email id

by **pe..** » Mon, 16 Apr 2001 01:33:54

> Hi,
> I have 3 IBM's RS6000 AIX Version 4.3 43P Model Number 150. I have to
> create a account to automatically shutdown the system. i.e. if Any user logs
> into the account, remotely or locally, the system must immediately shutdown,
> without allowing the user to do anything. I do not want to su to root or
> login to root and then shutdown the system. We are using the CDE as our X
> interface. We have created such a account, with the following attributes :-
> login name "shutdown"
> Primary Group :- System
> Secondary Groups :- sys,bin,adm
> User can remotely login :- Yes
> User ID :- 207
> Primary Shell :- ksh
> The following lines have been added to the .profile file
> Shutdown -h now
> I have also tried to give the following command in the .profile file,
> without any effect
> sync;sync;sync;sync;sync;halt
> But the problem is this that whenever the user logs in, the system does not
> shutdown immediately, upon the login of the user. Rather the user can do
> normal work as a normal user does. But this is creating a security headache
> for me, as the user has system privileges(See the groups to which this user
> belongs to).
> If anybody knows what I am doing wrong and how to rectify it then their
> suggestions will be appreciated. If anybody knows a different way how to
> achive what I am trying to do, then his suggestions are also welcome.
> Remember I do not want to login as root or su as root to shutdown the
> system.

Drop the idea of "shutdown account" and install sudo instead. Then
configure /etc/sudoers so selected users are able to run the normal "shutdown" command.

Quote:> Thanks in advance,
> --
> Have a nice day
> To mail me delete ".removethispart.", including the dots in email id

--
Peter H?kanson
IPSec Sverige (At the Riverside of Gothenburg, home of Volvo)
Sorry about my e-mail address, but i'm trying to keep spam out.
Remove "icke-reklam"and "invalid" and it works.

by **hymi** » Tue, 17 Apr 2001 22:47:27

In our last episode, the evil Dr. Lacto had captured our hero,

Quote:> The following lines have been added to the .profile file
> Shutdown -h now

You misspelled "shutdown". Could that be the source of your problem?

You might need the full path to the shutdown command.

Are you getting any error messages to the screen or in the syslogs?

===============================================================================
We're all water from different rivers. --Yoko Ono
===============================================================================

by **Anthony W. Youngma** » Wed, 18 Apr 2001 22:11:38

And you don't want .profile to contain the shutdown command !

I created a script which contained the shutdown command, and then
defined this in /etc/passwd to be the shutdown user's shell. They log
in, login fires off the script, the shutdown command executes, the
script exits and terminates the user, and the system goes down.

Doing it this way there is almost no chance that the user is left in
possession of a root shell, even if things go wrong...

-----Original Message-----

Posted At: 16 April 2001 14:47
Posted To: admin
Conversation: Shutdown Woes!
Subject: Re: Shutdown Woes!

In our last episode, the evil Dr. Lacto had captured our hero,

> The following lines have been added to the .profile file
> Shutdown -h now

You misspelled "shutdown". Could that be the source of your problem?

You might need the full path to the shutdown command.

Are you getting any error messages to the screen or in the syslogs?

hymie! http://www.smart.net/~hymowitz

========================================================================
=======
We're all water from different rivers.
--Yoko Ono
========================================================================
=======

by **Urban A. Haa** » Sat, 21 Apr 2001 23:42:51

Or add the user to the shutdown role.

--
Urban A. Haas
CEO - Urban Technology, Inc.
Minneapolis, MN USA
Phone: (952) 595-8810 Fax: (952) 595-8710

Web: http://www.urbantechnology.com

This e-mail was composed of 100% recycled bits.

> > Hi,
> > I have 3 IBM's RS6000 AIX Version 4.3 43P Model Number 150. I have to
> > create a account to automatically shutdown the system. i.e. if Any user
logs
> > into the account, remotely or locally, the system must immediately
shutdown,
> > without allowing the user to do anything. I do not want to su to root or
> > login to root and then shutdown the system. We are using the CDE as our
X
> > interface. We have created such a account, with the following attributes
:-
> > login name "shutdown"
> > Primary Group :- System
> > Secondary Groups :- sys,bin,adm
> > User can remotely login :- Yes
> > User ID :- 207
> > Primary Shell :- ksh
> > The following lines have been added to the .profile file
> > Shutdown -h now
> > I have also tried to give the following command in the .profile file,
> > without any effect
> > sync;sync;sync;sync;sync;halt
> > But the problem is this that whenever the user logs in, the system does
not
> > shutdown immediately, upon the login of the user. Rather the user can do
> > normal work as a normal user does. But this is creating a security
headache
> > for me, as the user has system privileges(See the groups to which this
user
> > belongs to).
> > If anybody knows what I am doing wrong and how to rectify it then
their
> > suggestions will be appreciated. If anybody knows a different way how to
> > achive what I am trying to do, then his suggestions are also welcome.
> > Remember I do not want to login as root or su as root to shutdown the
> > system.

> Drop the idea of "shutdown account" and install sudo instead. Then
> configure /etc/sudoers so selected users are able to run the normal
"shutdown" command.

> > Thanks in advance,
> > --
> > Have a nice day
> > To mail me delete ".removethispart.", including the dots in email id

> --
> Peter H?kanson
> IPSec Sverige (At the Riverside of Gothenburg, home of
Volvo)
> Sorry about my e-mail address, but i'm trying to keep spam out.
> Remove "icke-reklam"and "invalid" and it works.