| View previous topic :: View next topic |
| Author |
Message |
Guest
|
 Posted: Tue Apr 30, 2002 5:59 pm Post subject: How do I allow normal users to shutdown/reboot? |
 |
|
I have to log in as root to reboot, HELP!
How do I allow my parents to shutdown the computer without giving them my root password?
 |
|
| Back to top |
|
 |
klieber
Bodhisattva
Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA
|
| Posted: Tue Apr 30, 2002 7:47 pm Post subject: Re: How do I allow normal users to shutdown/reboot? |
|
|
| Anonymous wrote: | | How do I allow my parents to shutdown the computer without giving them my root password? |
RTFM?
Or, to quote:
| Quote: |
ACCESS CONTROL
shutdown can be called from init(8) when the magic keys CTRL-ALT-DEL are pressed, by creat-
ing an appropriate entry in /etc/inittab. This means that everyone who has physical access
to the console keyboard can shut the system down. To prevent this, shutdown can check to
see if an authorized user is logged in on one of the virtual consoles. If shutdown is
called with the -a argument (add this to the invocation of shutdown in /etc/inittab), it
checks to see if the file /etc/shutdown.allow is present. It then compares the login names
in that file with the list of people that are logged in on a virtual console (from
/var/run/utmp). Only if one of those authorized users or root is logged in, it will pro-
ceed. Otherwise it will write the message
shutdown: no authorized users logged in
to the (physical) system console. The format of /etc/shutdown.allow is one user name per
line. Empty lines and comment lines (prefixed by a #) are allowed. Currently there is a
limit of 32 users in this file.
Note that if /etc/shutdown.allow is not present, the -a argument is ignored.
|
_________________
The problem with political jokes is that they get elected |
|
| Back to top |
|
|
rizzo
Retired Dev
Joined: 30 Apr 2002
Posts: 1067
Location: Manitowoc, WI, USA
|
| Posted: Sun Jun 23, 2002 6:45 pm Post subject: |
|
|
| /etc/inittab has ctrlaltdel calling a shutdown -r, which would reboot, not shutdown the system. At least this is the case on my (gasp) redhat 7.3 box. While I could easily change the -r to -h, I though I'd just give you the FYI. |
|
| Back to top |
|
|
f.kater
Guru
Joined: 23 May 2002
Posts: 342
Location: Berlin
|
| Posted: Sun Oct 27, 2002 11:43 am Post subject: |
|
|
In
http://gnomesupport.org/forums/viewtopic.php?t=315
I finally found a way for gnome users to shutdown without turning back to gdm first and using the built-in action/log out menu.
As root do
| Code: | chmod +s /sbin/shutdown
chmod +s /sbin/reboot |
Realise that afterwards your system will be less secure. |
|
| Back to top |
|
|
rac
Bodhisattva
Joined: 30 May 2002
Posts: 6553
Location: Japanifornia
|
| Posted: Sun Oct 27, 2002 12:29 pm Post subject: |
|
|
| f.kater wrote: | As root do
| Code: | chmod +s /sbin/shutdown
chmod +s /sbin/reboot |
Realise that afterwards your system will be less secure. |
To somewhat mitigate this added insecurity, does it still work if you eliminate all privileges to the world and only allow rx to a particular group, for example root.wheel 4750?
_________________
For every higher wall, there is a taller ladder |
|
| Back to top |
|
|
waverider202
Tux's lil' helper
Joined: 25 Sep 2002
Posts: 146
Location: Drexel University
|
| Posted: Sun Oct 27, 2002 4:26 pm Post subject: sudo |
|
|
I'm guessing sudo can do it, w/o passwd on a per-user or per-group basis.
_________________
 |
|
| Back to top |
|
|
f.kater
Guru
Joined: 23 May 2002
Posts: 342
Location: Berlin
|
|
| Back to top |
|
|
floam
Veteran
Joined: 27 Oct 2002
Posts: 1067
Location: Vancouver, WA USA
|
| Posted: Mon Oct 28, 2002 3:54 am Post subject: |
|
|
why in the hell do your parents get to use your computer. tell em to buy their own. and if its their computer; get a job and buy your own. and the answer is sudo.
Edit: I made this post quite a while ago, and now realize I must look pretty rude. Sorry.
Last edited by floam on Fri Mar 05, 2004 11:54 pm; edited 2 times in total |
|
| Back to top |
|
|
splooge
l33t
Joined: 30 Aug 2002
Posts: 636
|
| Posted: Mon Oct 28, 2002 9:04 am Post subject: |
|
|
| ctrl-alt-del works for me. |
|
| Back to top |
|
|
jondkent
Apprentice
Joined: 26 Jul 2002
Posts: 289
Location: London
|
| Posted: Mon Oct 28, 2002 9:59 am Post subject: |
|
|
Look at this link
https://forums.gentoo.org/viewtopic.php?t=19791
to be secure sudo is the best route, but this explained in the above link.
My opinion is that using the suid bit is a bad route to take, I've also explained why the above link.
Jon |
|
| Back to top |
|
|
f.kater
Guru
Joined: 23 May 2002
Posts: 342
Location: Berlin
|
| Posted: Mon Oct 28, 2002 11:48 am Post subject: |
|
|
Hi, I use sudo (as I wrote in the other post, see link above) and it works for teminals.
But I am not identical with the "guest" who started this issue and I was looking for a way to shutdown from within GNOME using the built-in shutdown menu. This one doesn't seem to work with sudo. Did you manage to do it with sudo, then? |
|
| Back to top |
|
|
jondkent
Apprentice
Joined: 26 Jul 2002
Posts: 289
Location: London
|
| Posted: Mon Oct 28, 2002 12:19 pm Post subject: |
|
|
Don't use gnome, so can't really answer you re Gnome I'm afriad 
I'll take a guess that the best route maybe to find what Gnome is using to shutdown the system and change this to use sudo, or use a script that uses sudo. Just an idea.
Jon |
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20067
|
| Posted: Mon Apr 21, 2003 9:00 pm Post subject: |
|
|
See also Gnome2 reboot problem
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
sisob
Apprentice
Joined: 28 Jun 2002
Posts: 274
Location: Ireland
|
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20067
|
| Posted: Mon Apr 21, 2003 9:13 pm Post subject: |
|
|
sisob: Thanks for the links.
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
gcasillo
l33t
Joined: 23 Sep 2003
Posts: 739
Location: Cincinnati, Ohio, USA
|
| Posted: Wed Oct 29, 2003 3:28 am Post subject: |
|
|
| I was dissappointed to see an administrator post "RTFM?" and a guru post "why in the hell do your parents get to use your computer. tell em to buy their own. and if its their computer; get a job and buy your own. and teh answer is sudo" in this thread while searching for a solution. Please be professional to people looking for solutions, or just don't bother posting. |
|
| Back to top |
|
|
kallamej
Administrator
Joined: 27 Jun 2003
Posts: 4975
Location: Gothenburg, Sweden
|
| Posted: Wed Oct 29, 2003 10:57 am Post subject: |
|
|
Don't mistake the current status of a poster and that (s)he had at the time of a particular post. If you check the date that floam wrote that post and the date he registered, I hope you'll realise that he wasn't a "Guru" at that time. Of course, the rating is only based on the number of posts so it doesn't say anything about the quality of the posts. The same applies to admin/moderator/developer.
_________________
Please read our FAQ Forum, it answers many of your questions.
irc: #gentoo-forums on irc.libera.chat |
|
| Back to top |
|
|
gcasillo
l33t
Joined: 23 Sep 2003
Posts: 739
Location: Cincinnati, Ohio, USA
|
| Posted: Wed Oct 29, 2003 5:42 pm Post subject: |
|
|
| Good point. It's just discouraging to see this in forums that field questions from people of varying expertise. You know people are going to ask these questions, sometimes repeatedly. And in this case where you have a logout/reboot/shutdown dialog that doesn't work "out of the box," I think it is a question deserving a good response. |
|
| Back to top |
|
|
darksaidin
Apprentice
Joined: 04 Oct 2003
Posts: 150
|
| Posted: Sat Jan 24, 2004 1:03 pm Post subject: |
|
|
| Quote: | Allowing non-root users to shutdown a Linux box.
1. As root create a group shutdown.
#addgroup shutdown
2. Put /sbin/shutdown into the group shutdown.
#chown root:shutdown /sbin/shutdown
3. Change accessrights to make /sbin/shutdown setuid and disallow
other users from executing shutdown.
#chmod 4754 /sbin/shutdown
4. Make a link from /bin/shutdown to /sbin/shutdown
#ln -s /sbin/shutdown /bin/shutdown
Now anyone belonging to the group shutdown can execute shutdown but I just will
allow the person in control of the keyboard to be able to issue the shutdown
command. You might prefer something else.
|
Well, this works and I don't really feels it's any less secure than the way gentoo handles it. By default anybody that comes along my machine can shut it down by just loggin out the current user and pressing the shutdown button in gdm. Therefore this whole security discussion is just stupid. There is no reason for a "non-user" to have more rights than a user. |
|
| Back to top |
|
|
c0bblers
Guru
Joined: 28 Mar 2003
Posts: 403
|
| Posted: Sat Jan 24, 2004 5:51 pm Post subject: |
|
|
I just press the power button.....ACPI is nice 
Cheers,
James |
|
| Back to top |
|
|
darksaidin
Apprentice
Joined: 04 Oct 2003
Posts: 150
|
| Posted: Sun Jan 25, 2004 1:28 am Post subject: |
|
|
| c0bblers wrote: | I just press the power button.....ACPI is nice
Cheers,
James |
That is simply not the point. If there is a button labeled "shutdown" it should prolly do a simple shutdown and not something else. At least that's what I think so it was worth figuring out how to "fix" this imho. It doesn't really matter if I use that button or not.  |
|
| Back to top |
|
|
c0bblers
Guru
Joined: 28 Mar 2003
Posts: 403
|
| Posted: Sun Jan 25, 2004 3:27 am Post subject: |
|
|
I guess it's more a gnome-trying-to-be-over-ambitious-and-not-checking problem than a gentoo problem....I've never changed/had problems with the default settings. In fact I quite like that it's hard to shutdown the machine via a GUI. I conceed that Joe Bloggs the user might find it a tad confusing though. Perhaps a patch to remove the option at gnome logout or a warning from the ebuild is in order though, since it's clearly a function that does not work......
Cheers.
James |
|
| Back to top |
|
|
spacie
n00b
Joined: 30 Jul 2003
Posts: 5
|
| Posted: Fri Mar 05, 2004 7:23 am Post subject: |
|
|
I think the point with the security is that it prevents anyone who might have been given someones userpass beeing able to shutdown from remote.
This is the view of a multi-user-system beeing administrated by someone not working at the system and never giving the root-pass to anyone.
If somebody is a local user sitting in front of the computer he will be able to do anything with this machine... |
|
| Back to top |
|
|
syouth
Apprentice
Joined: 18 Sep 2004
Posts: 275
|
| Posted: Thu Apr 21, 2005 4:46 pm Post subject: |
|
|
I just emerged Gnome 2.8.3 and this shutdown/reboot/logout problem occured. I tried to log into Gnome with root, but hitting "Log Out" on the menu just logged off normally and brought me back to GDM. Then I tried chmod'ing, like it's suggested everywhere, but as I thought, it didn't help. (It did not work with root user, why should it work for normal users ).
I'm really new to Gnome so you may hit me with RTFM or UTFG, but I really would appreciate if you would give me some lead here. Why can't it show the options menu with normal nor root user?
My USE flags, if they count:
USE="nptl dba 3dnow X aalib alsa -aim -arts gnome avi cdr -firebird flac ftp gtk2 -icc -icq imagemagick jabber java -kde mpeg mysql png perl php quicktime qt svga tcltk tiff jpeg gif usb wxwindows xine xmms xvid -yahoo gd apache2 mp3 x86 network ogg vorbis matroska offensive divx4linux logitech-mouse lm_sensors rdesktop aac xscreensaver unicode esd acpi -moznomail vim-with-x hal howl real"
_________________
psylove |
|
| Back to top |
|
|
syouth
Apprentice
Joined: 18 Sep 2004
Posts: 275
|
| Posted: Fri Apr 22, 2005 11:26 am Post subject: |
|
|
I got little success here.
My problem was that hitting "Log Out" logged out eventually without asking confirmation. This can be enabled in gnome-session-properties or Desktop Preferences -> Advanced -> Sessions (promt on logout).
Now I can move on enabling halt instructions.
_________________
psylove |
|
| Back to top |
|
|
|
Other Things Gentoo
