SEO

Guys & Gals,

How do I enable a non-root user to execute:

shutdown -h 0

The only message I get is that only root can do this.

I've checked the permissions on the shutdown binary, and it is
executable by all (obviously, else it would display the message!)

I am missing a step... could someone please fill me in?

TIA,

Dan.

Daniel J. Smale - RSG <dasm@pml.ac.uk> wrote:
> Guys & Gals,

> How do I enable a non-root user to execute:

> shutdown -h 0

> The only message I get is that only root can do this.

> I've checked the permissions on the shutdown binary, and it is
> executable by all (obviously, else it would display the message!)

> I am missing a step... could someone please fill me in?


A dirty trick i've done for my music-maschine,
which is actuelly a slackbox.
1. I deleted the passwd of the user 'halt'
2. I gave the user 'halt' the uid of 0

So if you get the login prompt, type halt. And
the maschine shuts down. The user halt has no
shell, so there is no security-problem.


Ok, it's dirty. But i'm sure, there are more ways to Rom.

Peter



--
__________________________________________________ ___________________________
Microsoft has been doing a really bad job on their OS.
Linus Torvalds
__________________________________________________ ___________________________

Daniel J. Smale - RSG wrote:

> Guys & Gals,
>
> How do I enable a non-root user to execute:
>
> shutdown -h 0
>
> The only message I get is that only root can do this.
>
> I've checked the permissions on the shutdown binary, and it is
> executable by all (obviously, else it would display the message!)
>
> I am missing a step... could someone please fill me in?
>
> TIA,
>
> Dan.

Tried /etc/shutdown.allow?
That will be much prettier than changing the halt-user!

Greetz Daniel

Peter Herttrich wrote:

>Daniel J. Smale - RSG <dasm@pml.ac.uk> wrote:
>
>
>>Guys & Gals,
>>
>>
>
>
>
>>How do I enable a non-root user to execute:
>>
>>
>
>
>
>>shutdown -h 0
>>
>>
>
>
>
>>The only message I get is that only root can do this.
>>
>>
>
>
>
>>I've checked the permissions on the shutdown binary, and it is
>>executable by all (obviously, else it would display the message!)
>>
>>
>
>
>
>>I am missing a step... could someone please fill me in?
>>
>>
>
>
>A dirty trick i've done for my music-maschine,
>which is actuelly a slackbox.
>1. I deleted the passwd of the user 'halt'
>2. I gave the user 'halt' the uid of 0
>
>So if you get the login prompt, type halt. And
>the maschine shuts down. The user halt has no
>shell, so there is no security-problem.
>
>
>Ok, it's dirty. But i'm sure, there are more ways to Rom.
>
>Peter
>
>
>
>
>
Yep, that's pretty dirty!

My problem is that I have a 'genuine' non-root user that needs o be able
to shut the machine down.

TIA,

Dan.

--
Mr. Daniel J. Smale
Remote Sensing Group
Plymouth Marine Laboratory

Registered Office:
Prospect Place
West Hoe
Plymouth
PL1 3DH
UK

Tel: ++ 44 (0)1752 633100
Fax: ++ 44 (0)1752 633101

e-mail: dasm@pml.ac.uk

-------------------------------------------------------------------
Website: www.pml.ac.uk
Registered Charity No. 1091222
Company No. 4178503
-------------------------------------------------------------------
This e-mail, its content and any file attachments are confidential.
If you have received this e-mail in error please do not copy,
disclose it to any third party or use the contents or attachments
in any way. Please notify the sender by replying to this e-mail or
e-mail forinfo@pml.ac.uk and then delete the email without making
any copies or using it in any other way.

The content of this message may contain personal views which are
not the views of Plymouth Marine Laboratory unless specifically
stated.

Email transmission cannot be guaranteed to be secure or error free
as information may be intercepted, corrupted, lost, destroyed,
arrive late or incomplete or contain viruses. Plymouth Marine
Laboratory accepts no liability for any loss or damage which may
be caused by software viruses.
-------------------------------------------------------------------

"Daniel J. Smale - RSG" <dasm@pml.ac.uk> schreef in bericht
news:3ef80be2$1@news.nwl.ac.uk...
> Guys & Gals,
>
> How do I enable a non-root user to execute:
>
> shutdown -h 0
>
> The only message I get is that only root can do this.
>
> I've checked the permissions on the shutdown binary, and it is
> executable by all (obviously, else it would display the message!)
>
> I am missing a step... could someone please fill me in?
>
> TIA,
>
> Dan.
>

You can configure /etc/inittab to shut down the system on pressing
CTRL-ALT-DEL;
this is IMO the cleanest way.

It's true that normal users can run shutdown but they don't have the root
permissions to
make the system calls, so you have to do chmod +s /sbin/shutdown or
/sbin/halt (not
sure whether they live in /sbin) so that the executables are run as root.

But /sbin is not in the $PATH for normal users so you could place a symlink
from
/usr/local/bin/halt to /sbin/halt so that it's found when somebody wants to
run it.

There, that should be enough info for you

JOoSt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On the dark and fateful day, Tue, 24 Jun 2003 at 08:48 GMT,
Peter Herttrich spewed forth the following rhetoric:

> A dirty trick i've done for my music-maschine,
> which is actuelly a slackbox.
> 1. I deleted the passwd of the user 'halt'
> 2. I gave the user 'halt' the uid of 0
>
> So if you get the login prompt, type halt. And
> the maschine shuts down. The user halt has no
> shell, so there is no security-problem.
>
no security-problem? What if I would ssh to your machine, and use that
account, while you are doing something important?
>
> Ok, it's dirty. But i'm sure, there are more ways to Rom.
>
There sure are, but I wouldn't advice this one!

- --
Bartosz Oudekerk

Wizard guild parking ONLY! Violators will be toad.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE++I71256ZyNYAOpkRAncnAKCNCJlQWLSpMIFbla+SBJ O3RTmchwCdFg7j
bXvoZHR1ogwzXORE7z+CKx8=
=rerg
-----END PGP SIGNATURE-----

On 2003-06-24,
Daniel Schranz <xla@tznetz.com> wrote:
> Daniel J. Smale - RSG wrote:
>>
>> How do I enable a non-root user to execute:
>>
>> shutdown -h 0

I use /etc/sudoers to allow non-root users to do this.

> Tried /etc/shutdown.allow?

That would work too.

--
Mark Hill <mark_usenet@yahoo.co.uk>
Avoid the Gates of Hell. Use Linux
-- unknown source

Bartosz Oudekerk wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On the dark and fateful day, Tue, 24 Jun 2003 at 08:48 GMT,
> Peter Herttrich spewed forth the following rhetoric:
>
>
>>A dirty trick i've done for my music-maschine,
>>which is actuelly a slackbox.
>>1. I deleted the passwd of the user 'halt'
>>2. I gave the user 'halt' the uid of 0
>>
>>So if you get the login prompt, type halt. And
>>the maschine shuts down. The user halt has no
>>shell, so there is no security-problem.
>>
>
> no security-problem? What if I would ssh to your machine, and use that
> account, while you are doing something important?
>
>>Ok, it's dirty. But i'm sure, there are more ways to Rom.
>>
>
> There sure are, but I wouldn't advice this one!


Taking a look at a vanilla Slackware 9.0 /etc/passwd, I find...

shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt

Assuming that you /just/ enable the passwords for these two users, vanilla
slackware is /already set up/ to permit user 'halt' to halt the system.

Pat V. has had these two users enabled just this way since (at least)
Slackware 3.0.

--

Lew Pitcher, IT Consultant, Application Architecture
Enterprise Technology Solutions, TD Bank Financial Group

(Opinions expressed here are my own, not my employer's)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_.--- Simon spoke in alt.os.linux.slackware --------._
> That tells me that shutdown/halt need to have uid 0,

If that where the case then sudo halt/shutdown would not work.

'---...____ Faux_Pseudo ________________...---~~~

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE++P/Ckjt2bc9NoGsRAuwYAJ9FrJACUs4KqxaGZTsk4AU2fisEAwCfe LBG
FXpGfdj5P4+bXfh6WsaG7Tk=
=Y2VW
-----END PGP SIGNATURE-----

--
ICQ=66618055 : http://asciipr0n.com/fp UPDATED=05/06
YIM=faux_pseudo : Rev: on/closer/joy_division_-_closer__04_-_colony.mp3
He who hesitates : Now: -_20bit_remaste/01_-_same_old_song_and_dance.mp3
is bossed : Fwd: smith/just_push_play/10_-_drop_dead_gorgeous.mp3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <slrnbfhvtl.lb.Faux_Pseudo@fugozi.quasi>, Faux_Pseudo wrote:

> _.--- Simon spoke in alt.os.linux.slackware --------._
>> That tells me that shutdown/halt need to have uid 0,
>
> If that where the case then sudo halt/shutdown would not work.

Does the UID of user shutdown have any bearing on sudo shutdown?
I don't believe the shutdown program runs as the shutdown user
at any point.

- --keith

- --
kkeller-mmmspam@wombat.san-francisco.ca.us
(try just my userid to email me)
alt.os.linux.slackware FAQ: http://wombat.san-francisco.ca.us/cgi-bin/fom

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj75D7IACgkQhVcNCxZ5ID/sJQCfRc5gtsxnSZETo3JUEN1cFgMf
EYUAn1lSB8MImu1+RYZ9/pXjTAFB4968
=w85I
-----END PGP SIGNATURE-----