Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[solved] /etc/shutdown.allow
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo
View previous topic :: View next topic  
Author Message
kajzer
l33t
l33t


Joined: 27 Nov 2014
Posts: 897

PostPosted: Sat Nov 21, 2020 2:44 pm    Post subject: [solved] /etc/shutdown.allow Reply with quote

The goal is to reboot as user, I know I can change the permissions of 'halt' or 'shutdown' but I'm looking into other approaches.

I've made /etc/shutdown.allow and the only line inside is the username
So, this command from that user should reboot the system
Code:
/sbin/shutdown -ar now


but instead I'm getting 'you must be root..' message , am I missing something ?


Last edited by kajzer on Sat Nov 21, 2020 4:35 pm; edited 1 time in total
Back to top
View user's profile Send private message
Anon-E-moose
Watchman
Watchman


Joined: 23 May 2008
Posts: 5055
Location: Dallas area

PostPosted: Sat Nov 21, 2020 2:57 pm    Post subject: Reply with quote

Why not sudo? It's designed to handle situations like that.
Quote:

To run specific commands with sudo as any target user, for example to allow user john to restart only Apache service using sudo;

john ALL=(ALL) /bin/systemctl restart apache2


Edit to add: In your case

<username> ALL=(ALL) /sbin/shutdown -ar now

should work

ETA2: <username> ALL=(ALL) NOPASSWD: /sbin/shutdown -ar now
if you don't want to be prompted for the password
_________________
PRIME x570-pro, 3700x, RX 550 - 5.8 zen kernel
Acer E5-575 (laptop), i3-7100u - i965 - 5.5 zen kernel
---both---
gcc 9.3.0, profile 17.1 (no-pie) amd64-no-multilib, eudev, openrc, openbox

The New OTW
Back to top
View user's profile Send private message
GDH-gentoo
l33t
l33t


Joined: 20 Jul 2019
Posts: 601
Location: South America

PostPosted: Sat Nov 21, 2020 3:39 pm    Post subject: Reply with quote

/etc/shutdown.allow is only used to decide whether shutdown should proceed or not, based on who's logged in. It doesn't grant privileges for running the shutdown program.
Back to top
View user's profile Send private message
kajzer
l33t
l33t


Joined: 27 Nov 2014
Posts: 897

PostPosted: Sat Nov 21, 2020 3:50 pm    Post subject: Reply with quote

GDH-gentoo wrote:
/etc/shutdown.allow is only used to decide whether shutdown should proceed or not, based on who's logged in. It doesn't grant privileges for running the shutdown program.


I understand now, thanks!

@Anon-E-moose, I've opted not to use sudo, stopped using it years ago.

Well, ok, seems like changing the file permissions is the only way to go, in no sudo and no logind systemd etc. situations
Back to top
View user's profile Send private message
kajzer
l33t
l33t


Joined: 27 Nov 2014
Posts: 897

PostPosted: Sat Nov 21, 2020 4:22 pm    Post subject: Reply with quote

Actually I found another way, funny enough it uses /etc/shutdown.allow
With ctrlaltdel key combination it does reboot indeed , although I have to switch first to console, since X server captures that combination, which btw I would be happy to learn how to overcome.

Since I Use dwm all I have to do is quit from it, that actually exists from X, one more keypress is needed but that's fine.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 16506

PostPosted: Sat Nov 21, 2020 5:20 pm    Post subject: Reply with quote

You could allow sudo shutdown and no other sudo commands. Personally, I just use an xterm running under X to run /bin/su, and from there run reboot/shutdown as needed.

If you prefer that ctrl-alt-delete halt the system, you can make that change via /etc/inittab.
Back to top
View user's profile Send private message
kajzer
l33t
l33t


Joined: 27 Nov 2014
Posts: 897

PostPosted: Sat Nov 21, 2020 5:40 pm    Post subject: Reply with quote

Hu wrote:
You could allow sudo shutdown and no other sudo commands. Personally, I just use an xterm running under X to run /bin/su, and from there run reboot/shutdown as needed.

If you prefer that ctrl-alt-delete halt the system, you can make that change via /etc/inittab.


Yeah, that's nice and easy, used to do it like that, then I switched to changed file permission, that allowed me to reboot via key combination, which is what I'm after actually.

That change is already there, I'm not sure what you mean, I only added -a flag
Code:
ca:12345:ctrlaltdel:/sbin/shutdown -ar now


But like I said, ctrl-alt-del is taken by X, it doesn't do a thing until I quit from X, then it works.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 16506

PostPosted: Sat Nov 21, 2020 7:35 pm    Post subject: Reply with quote

According to man shutdown, -r requests a reboot. If you want the system to halt and power down, you should use -h instead. The default is -r. You could also install an ACPI listener and react to the power button as a request to halt. That should work even under X, but would require using the power button instead of the keyboard.
Back to top
View user's profile Send private message
Anon-E-moose
Watchman
Watchman


Joined: 23 May 2008
Posts: 5055
Location: Dallas area

PostPosted: Sat Nov 21, 2020 9:03 pm    Post subject: Reply with quote

I never use halt/reboot, I've always done shutdown -h now to halt and shutdown -r now to reboot.
_________________
PRIME x570-pro, 3700x, RX 550 - 5.8 zen kernel
Acer E5-575 (laptop), i3-7100u - i965 - 5.5 zen kernel
---both---
gcc 9.3.0, profile 17.1 (no-pie) amd64-no-multilib, eudev, openrc, openbox

The New OTW
Back to top
View user's profile Send private message
kajzer
l33t
l33t


Joined: 27 Nov 2014
Posts: 897

PostPosted: Sat Nov 21, 2020 11:59 pm    Post subject: Reply with quote

I found a way to get back control of the keyboard from X, by using key combination SysRq+r, after that ctrl-alt-del works fine.

Again it's pressing two key combinations, but I guess I could simulate those combinations with xdotool and put everything in bash script, which would then execute reboot.
And then configure keybinding to launch that script.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 16506

PostPosted: Sun Nov 22, 2020 1:39 am    Post subject: Reply with quote

That will not work. SysRq+r is a kernel key sequence, even when you are in X. You cannot emulate it using xdotool. You can emulate it by writing to /proc/sysrq-trigger - which only root can open for writing. If you have root permission to do that, you could more easily run the appropriate shutdown command.

Why are you trying so hard to avoid using root permissions to reboot the system? This thread has described several ways you could do so without the need to present root's password.
Back to top
View user's profile Send private message
kajzer
l33t
l33t


Joined: 27 Nov 2014
Posts: 897

PostPosted: Sun Nov 22, 2020 8:36 am    Post subject: Reply with quote

I have a very long and complicated root password :(

Well I guess that's why I'm using Linux, there's always a way to do something different.
I like to tinker and patch things.
But you're right, I can easily press reset button on a case and be done with it, why even bother ...
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 16506

PostPosted: Sun Nov 22, 2020 5:29 pm    Post subject: Reply with quote

Not the reset button, the power button. On any even vaguely modern system, a single press of the power button, followed by a quick release, will generate an ACPI event. An ACPI listener on the system can receive this event and take any action, as root. That includes doing a controlled shutdown or an orderly reboot. The reset button would immediately reset the hardware without doing a controlled reset. I did not recommend that, and you should not do it.

Personally, my systems react to ACPI power button as hibernate, not shutdown. I find that to be convenient for when I want to quickly suspend the system without the need to log in. Some laptops are even more convenient here, in that the vendor incorrectly used ACPI events for what should have been keyboard events, so you have even more ACPI inputs to pick from. I once had a laptop where I could get separate ACPI events for lid closure, power button tapped, and a Fn+F? key sequence. That let me have all of suspend, shutdown, and hibernate, all through hardware interaction. I did not need sudo, nor to be logged in.

Tinkering is fine, but we have given you several solutions that are, in my opinion, both easier to use and better/safer than what you are inventing on your own.
Back to top
View user's profile Send private message
kajzer
l33t
l33t


Joined: 27 Nov 2014
Posts: 897

PostPosted: Sun Nov 22, 2020 5:47 pm    Post subject: Reply with quote

I don't know why are you triggered so much about this, I don't think I offended you or something.
You specifically gave me absolutely nothing actually, the other two posters did provide something.
My question and the post was very clear, the goal is to reboot as user, you keep talking how you do that in xterm with 'su' and then issue 'reboot'
That's an amazing find buddy but has nothing to do with my post, you only have to read carefully, nothing more than that.
Seems like that's too much for you, I marked this as solved yesterday but you just have to keep going and going, educating me how I should do things, what's easy for you and how you don't understand why that's not easy for me too.

You didn't help at all or give any constructive information, you are just spamming, would expect more from a moderator.
pfft whatever
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 4512
Location: Illinois, USA

PostPosted: Sun Nov 22, 2020 7:35 pm    Post subject: Reply with quote

Here's yet one more way, without sudo. It won't work if you use startX and may need modificaion if a display manager other than xdm is used:


Add the following at the end of the standard shell script /usr/lib64/X11/xdm/Xsetup

Code:
#--- set Shutdown/Reboot buttons
(
xmessage -buttons Shutdown:20,Reboot:21 "" ;
case $? in
 20)
 exec /sbin/poweroff;;
 21)
 exec /sbin/reboot;;
 *)
 echo "Xmessage closed on `date`";;
esac
)&
This is from Linux Journal sometime in the '90s. I use it for OpenBox. Mate, Gnome and I suppose KDE have this built-in to their panels.

Or just sudo, I don't understand why you have a hard on about sudo, It's an old old Linux command. Later stuff like dbus, systemd, yeah, but sudo is old.

The above does not require sudo, it may require X to be running suid. I've always run X as suid and see no reason to stop now.
Back to top
View user's profile Send private message
kajzer
l33t
l33t


Joined: 27 Nov 2014
Posts: 897

PostPosted: Sun Nov 22, 2020 8:00 pm    Post subject: Reply with quote

I use startx
It's not a hard on about sudo, I just don't think I need it, when I need to do stuff as root I use su and when I'm done I exit from it.
Sudo/sudoers is nice to use when you want to do root stuff but without entering password, thus making things like reboot/shutdown done easily, however I don't want to install it just because of that.
I was doing reboots for a long time with modified permissions on a shutdown file, that was working nice, but few days ago I found out about /etc/shutdown.allow, not much information about it, I thought it was doing something else but like I learned from GDH-gentoo it's made for something else, I still found use for it and now I'm actually using that method to reboot, first I quit from X then i press ctrl-alt-del.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 16506

PostPosted: Sun Nov 22, 2020 8:47 pm    Post subject: Reply with quote

kajzer wrote:
I don't know why are you triggered so much about this, I don't think I offended you or something.
You didn't, until this post.
kajzer wrote:
You specifically gave me absolutely nothing actually, the other two posters did provide something.
You said you didn't want to use sudo, and didn't explain why. A common reason to want to avoid it is a desire to avoid allowing the regular user account to sudo any command at all. Therefore, I pointed out that you don't need to allow that. I was mistaken in my belief that you were avoiding sudo out of a security concern. You're just avoiding it to be difficult.
kajzer wrote:
My question and the post was very clear, the goal is to reboot as user, you keep talking how you do that in xterm with 'su' and then issue 'reboot'
That's an amazing find buddy but has nothing to do with my post, you only have to read carefully, nothing more than that.
In that same post, I observed that you could avoid the whole problem by using a root shell instead of logging out. I made that remark because I thought, apparently incorrectly, that you felt compelled to log out, and were therefore avoiding use of a root shell running under an X window.
kajzer wrote:
Seems like that's too much for you, I marked this as solved yesterday but you just have to keep going and going, educating me how I should do things, what's easy for you and how you don't understand why that's not easy for me too.
My next post was how you could easily use an ACPI listener, as a well-supported and secure alternative to manipulating file permissions. My post after that was attempting to help you by observing that xdotool cannot do your then-latest workaround. Apparently, I should have let you discover that the hard way. My post after that was because you wrote:
kajzer wrote:
But you're right, I can easily press reset button on a case and be done with it, why even bother ...
I felt compelled to correct you because the reset button and the power button do different things, and pressing the reset button, as you wrote, is definitely the wrong solution.
kajzer wrote:
You didn't help at all or give any constructive information, you are just spamming, would expect more from a moderator.
pfft whatever
At every turn, I posted what I considered to be constructive content. If you disagree, please report the thread so that someone can lock it to prevent further "spam."
Back to top
View user's profile Send private message
kajzer
l33t
l33t


Joined: 27 Nov 2014
Posts: 897

PostPosted: Sun Nov 22, 2020 9:50 pm    Post subject: Reply with quote

Yeah I meant to say troll instead of spam, but doesn't matter, I don't want to argue with you.
Point is that after I said that I don't use sudo you were offering that as a solution, why I don't use it doesn't really matter.
As for shutdown binary you were giving useless information, saying what switches I should use, again ignoring the fact that I want to do that as user and keep going on with a root line.
What I didn't know is that -a switch only works from /etc/inittab and only with ctrl-alt-del key combination, which is taken by X
Reset button was a joke, clearly I want to reboot cleanly, otherwise I would code reboot myself in C++, again you are assuming how I don't use sudo because I want it to be difficult, you were saying something similar before, so I used reset button as something very easy, again you're giving lectures how that button is doing different things and it's a wrong solution, completely unnecessary.

btw since I've started using suckless software couple of years ago, dwm as my WM, st as terminal, dmenu etc. I started to dig that minimal approach, it's not just sudo, I don't want to install anything I don't actually need.
It might look confusing to some, I get that, but people are different, I don't get for example people using Gnome, full blown, running X as root, systemd etc. but I'm not going to try to reason with them explaining them why I think that's bad in my opinion, how they should use this and that instead.

Question was about /etc/shutdown.allow , my fault was not explaining in detail that I don't use sudo, login managers, systemd logind etc.
I know about other methods, I didn't know about this one, now I know, end of story.

Friendly advice, if you want to help next time look at GDH-gentoo and how he does it, concrete, on point, not giving lectures and get into reasons why someone does something.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum