shutdown permissions

shutdown permissions

Post by Anthony Ewel » Mon, 03 Mar 2003 10:05:44



Hi All,

    Not to ask too stupid of a question, but what
governs who can shutdown their computer?  (I have
always had root privileges and it has never been
an issue.  Now I have to give some non-root users
shutdown privileges and other no privileges.)

Many thanks,
--Tony

--
-------------------------
I Fish.  Therefore, I am.
-------------------------

 
 
 

shutdown permissions

Post by Davi » Mon, 03 Mar 2003 11:02:02



> Hi All,

>    Not to ask too stupid of a question, but what
> governs who can shutdown their computer?  (I have
> always had root privileges and it has never been
> an issue.  Now I have to give some non-root users
> shutdown privileges and other no privileges.)

man  sudo

--
Confucius:  He who play in root, eventually kill tree.
Registered with the Linux Counter.  http://counter.li.org
Slackware 9.0-beta Linux 2.4.20tbls i686 (GCC) 3.2.2
Uptime: 10 days, 4:22, 1 user, load average: 1.01, 1.10, 1.10

 
 
 

shutdown permissions

Post by Frank Neurat » Mon, 03 Mar 2003 15:06:13



> Hi All,

>     Not to ask too stupid of a question, but what
> governs who can shutdown their computer?  (I have
> always had root privileges and it has never been
> an issue.  Now I have to give some non-root users
> shutdown privileges and other no privileges.)

> Many thanks,
> --Tony


This concerns a security issue, since when someone can reboot a system, he
could use a boot-CD/-floppy (if enabled in the BIOS), could introduce
parameter to the boot manager etc.

Frank

 
 
 

shutdown permissions

Post by Adam » Mon, 03 Mar 2003 17:17:31




>> Hi All,

>>     Not to ask too stupid of a question, but what
>> governs who can shutdown their computer?  (I have
>> always had root privileges and it has never been
>> an issue.  Now I have to give some non-root users
>> shutdown privileges and other no privileges.)

>> Many thanks,
>> --Tony

> This concerns a security issue, since when someone can reboot a system, he
> could use a boot-CD/-floppy (if enabled in the BIOS), could introduce
> parameter to the boot manager etc.

True, but someone who has physical access to the machine anyway could just
hit the reset or power button to boot with a floppy.
 
 
 

shutdown permissions

Post by Jem Berke » Mon, 03 Mar 2003 18:08:21


Quote:> True, but someone who has physical access to the machine anyway could
> just hit the reset or power button to boot with a floppy.

or just take your hard drive

--
Jem Berkes
http://www.pc-tools.net/
Windows, Linux & UNIX software

 
 
 

shutdown permissions

Post by Wojtek Walcza » Mon, 03 Mar 2003 18:50:18


Dnia Sat, 01 Mar 2003 17:05:44 -0800, Anthony Ewell napisa3(a):
Quote:>     Not to ask too stupid of a question, but what
> governs who can shutdown their computer?  (I have
> always had root privileges and it has never been
> an issue.  Now I have to give some non-root users
> shutdown privileges and other no privileges.)

Take a look at sudo: <http://www.courtesan.com/sudo/>.

--
[ ] gminick (at) underground.org.pl  http://gminick.linuxsecurity.pl/ [ ]
[ "Po prostu lubie poranna samotnosc, bo wtedy kawa smakuje najlepiej." ]

 
 
 

shutdown permissions

Post by Robert Tinsle » Mon, 03 Mar 2003 22:27:52



> This concerns a security issue, since when someone can reboot a system, he
> could use a boot-CD/-floppy (if enabled in the BIOS), could introduce
> parameter to the boot manager etc.

actually, the main security threat is to system availability.

--
http://www.thepoacher.net/contact

 
 
 

shutdown permissions

Post by Robert Tinsle » Mon, 03 Mar 2003 22:33:59



> Have a look at /etc/shutdown.allow
> Google on it and you have what you want without giving root stuff like the
> answers below mine.

Actually, it looks like shutdown.allow is intended to control who can
shutdown the system by hitting ctrl-alt-del (i.e. they must be at the
console), rather than who can do it by issuing the 'shutdown' command,
which might not be what the OP is looking for.

From shutdown(8):

: If  shut-
: down  is  called  with  the  -a argument (add this to the invocation of
: shutdown in /etc/inittab), it checks to  see  if  the  file  /etc/shut-
: down.allow  is  present.  It then compares the login names in that file
: with the list of people that are logged in on a virtual  console  (from
: /var/run/utmp). Only if one of those authorized users or root is logged
: in, it will proceed. Otherwise it will write the message
:                                                                                                                              
: shutdown: no authorized users logged in

--
http://www.thepoacher.net/contact

 
 
 

shutdown permissions

Post by Jerry Peter » Tue, 04 Mar 2003 05:45:32



> Hi All,
>    Not to ask too stupid of a question, but what
> governs who can shutdown their computer?  (I have
> always had root privileges and it has never been
> an issue.  Now I have to give some non-root users
> shutdown privileges and other no privileges.)
> Many thanks,
> --Tony

> --
> -------------------------
> I Fish.  Therefore, I am.
> -------------------------

sudo, here's an example of what you want from my /etc/sudoers:

# Cmnd alias specification
Cmnd_Alias LP=/usr/sbin/lpc,/usr/bin/lprm
Cmnd_Alias SHUT=/sbin/shutdown,/sbin/halt,/sbin/reboot,/sbin/telinit
Cmnd_Alias CDROM=/usr/local/sbin/cdrom,/usr/local/sbin/cdr

# User specification
root    ALL=ALL
xxx     ALL=(root)NOPASSWD:LP,(root)NOPASSWD:SHUT,(root)NOPASSWD:CDROM

        Jerry

 
 
 

shutdown permissions

Post by Alessandro Sell » Tue, 04 Mar 2003 20:11:44


Il giorno Sat, 1 Mar 2003, Anthony Ewell cos ha scritto:


|Date: Sat, 01 Mar 2003 17:05:44 -0800
|Subject: shutdown permissions
|
|Hi All,
|
|    Not to ask too stupid of a question, but what
|governs who can shutdown their computer?  (I have
|always had root privileges and it has never been
|an issue.  Now I have to give some non-root users
|shutdown privileges and other no privileges.)
|

I think the easiest setup you can deploy, is having a "shutdown" group on your
system and issue # chgrp shutdown /sbin/shutdown ; chmod 4750 /sbin/shutdown
  Now, if shutdown is the only command able to reboot/shutdown your system,
only users belonging to the "shutdown" group can do it.

  Sandro

--
Bellum se ipsum alet
       La guerra nutre se stessa

Livio, Ab urbe condita, XXXIV,9

 
 
 

1. Shutdown permissions

We have a standalone PC at home running both Suse 7.1 Linux and Windows
ME. We use KDE on Linux, with the default graphical login manager.

Since this is at home, it would be nice if pushing the "shutdown" button

on the graphical login manager would allow anyone to shut the machine
down. Unfortunately, I can't figure out how to do this. Pushing this
button requires entering the root password before shutdown will occur.

/etc/shutdown.allow sounded like a good possibility, but it doesn't seem
to do
the job. The man page implies that you have to be logged in and have
permission in the shutdown.allow file. No one is logged in when the
graphical login manager is up.

Any suggestions of what to do or what to read to figure this out will be

greatly appreciated.

Steve Smith

2. Epson printer in WordPerfect for Linux

3. User's shutdown permissions for RH 5.2 ?

4. AUGH!! Mandrake 7.1 Installation Errors (partitions)

5. giving user shutdown permission

6. hostname

7. How do I grant shutdown permissions to users ?

8. How to place a comma in 'a{b,c,d}e' metanotation

9. Q: Shutdown permissions

10. shutdown permission

11. How to give users permission to shutdown?

12. Permissions changes after "shutdown"?