Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
How do I allow normal users to shutdown/reboot?
View unanswered posts
View posts from last 24 hours

Goto page 1, 2  Next  
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo
View previous topic :: View next topic  
Author Message
Guest






PostPosted: Tue Apr 30, 2002 5:59 pm    Post subject: How do I allow normal users to shutdown/reboot? Reply with quote

I have to log in as root to reboot, HELP!
How do I allow my parents to shutdown the computer without giving them my root password?
:?:
Back to top
klieber
Bodhisattva
Bodhisattva


Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

PostPosted: Tue Apr 30, 2002 7:47 pm    Post subject: Re: How do I allow normal users to shutdown/reboot? Reply with quote

Anonymous wrote:
How do I allow my parents to shutdown the computer without giving them my root password?


RTFM?

Code:
man shutdown


Or, to quote:

Quote:

ACCESS CONTROL
shutdown can be called from init(8) when the magic keys CTRL-ALT-DEL are pressed, by creat-
ing an appropriate entry in /etc/inittab. This means that everyone who has physical access
to the console keyboard can shut the system down. To prevent this, shutdown can check to
see if an authorized user is logged in on one of the virtual consoles. If shutdown is
called with the -a argument (add this to the invocation of shutdown in /etc/inittab), it
checks to see if the file /etc/shutdown.allow is present. It then compares the login names
in that file with the list of people that are logged in on a virtual console (from
/var/run/utmp). Only if one of those authorized users or root is logged in, it will pro-
ceed. Otherwise it will write the message

shutdown: no authorized users logged in

to the (physical) system console. The format of /etc/shutdown.allow is one user name per
line. Empty lines and comment lines (prefixed by a #) are allowed. Currently there is a
limit of 32 users in this file.

Note that if /etc/shutdown.allow is not present, the -a argument is ignored.


_________________
The problem with political jokes is that they get elected
Back to top
View user's profile Send private message
rizzo
Retired Dev
Retired Dev


Joined: 30 Apr 2002
Posts: 1067
Location: Manitowoc, WI, USA

PostPosted: Sun Jun 23, 2002 6:45 pm    Post subject: Reply with quote

/etc/inittab has ctrlaltdel calling a shutdown -r, which would reboot, not shutdown the system. At least this is the case on my (gasp) redhat 7.3 box. While I could easily change the -r to -h, I though I'd just give you the FYI.
Back to top
View user's profile Send private message
f.kater
Guru
Guru


Joined: 23 May 2002
Posts: 342
Location: Berlin

PostPosted: Sun Oct 27, 2002 11:43 am    Post subject: Reply with quote

In
http://gnomesupport.org/forums/viewtopic.php?t=315
I finally found a way for gnome users to shutdown without turning back to gdm first and using the built-in action/log out menu.
As root do
Code:
chmod +s /sbin/shutdown
chmod +s /sbin/reboot

Realise that afterwards your system will be less secure.
Back to top
View user's profile Send private message
rac
Bodhisattva
Bodhisattva


Joined: 30 May 2002
Posts: 6553
Location: Japanifornia

PostPosted: Sun Oct 27, 2002 12:29 pm    Post subject: Reply with quote

f.kater wrote:
As root do
Code:
chmod +s /sbin/shutdown
chmod +s /sbin/reboot

Realise that afterwards your system will be less secure.

To somewhat mitigate this added insecurity, does it still work if you eliminate all privileges to the world and only allow rx to a particular group, for example root.wheel 4750?
_________________
For every higher wall, there is a taller ladder
Back to top
View user's profile Send private message
waverider202
Tux's lil' helper
Tux's lil' helper


Joined: 25 Sep 2002
Posts: 146
Location: Drexel University

PostPosted: Sun Oct 27, 2002 4:26 pm    Post subject: sudo Reply with quote

I'm guessing sudo can do it, w/o passwd on a per-user or per-group basis.
_________________
:-P
Back to top
View user's profile Send private message
f.kater
Guru
Guru


Joined: 23 May 2002
Posts: 342
Location: Berlin

PostPosted: Sun Oct 27, 2002 5:24 pm    Post subject: Reply with quote

I haven't tried yet what rac suggested (if I don't misunderstand it). But here is what I did and definitly doesn't work:
https://forums.gentoo.org/viewtopic.php?t=19970
Back to top
View user's profile Send private message
floam
Veteran
Veteran


Joined: 27 Oct 2002
Posts: 1067
Location: Vancouver, WA USA

PostPosted: Mon Oct 28, 2002 3:54 am    Post subject: Reply with quote

why in the hell do your parents get to use your computer. tell em to buy their own. and if its their computer; get a job and buy your own. and the answer is sudo.

Edit: I made this post quite a while ago, and now realize I must look pretty rude. Sorry.


Last edited by floam on Fri Mar 05, 2004 11:54 pm; edited 2 times in total
Back to top
View user's profile Send private message
splooge
l33t
l33t


Joined: 30 Aug 2002
Posts: 636

PostPosted: Mon Oct 28, 2002 9:04 am    Post subject: Reply with quote

ctrl-alt-del works for me.
Back to top
View user's profile Send private message
jondkent
Apprentice
Apprentice


Joined: 26 Jul 2002
Posts: 289
Location: London

PostPosted: Mon Oct 28, 2002 9:59 am    Post subject: Reply with quote

Look at this link
https://forums.gentoo.org/viewtopic.php?t=19791

to be secure sudo is the best route, but this explained in the above link.

My opinion is that using the suid bit is a bad route to take, I've also explained why the above link.

Jon
Back to top
View user's profile Send private message
f.kater
Guru
Guru


Joined: 23 May 2002
Posts: 342
Location: Berlin

PostPosted: Mon Oct 28, 2002 11:48 am    Post subject: Reply with quote

Hi, I use sudo (as I wrote in the other post, see link above) and it works for teminals.
But I am not identical with the "guest" who started this issue and I was looking for a way to shutdown from within GNOME using the built-in shutdown menu. This one doesn't seem to work with sudo. Did you manage to do it with sudo, then?
Back to top
View user's profile Send private message
jondkent
Apprentice
Apprentice


Joined: 26 Jul 2002
Posts: 289
Location: London

PostPosted: Mon Oct 28, 2002 12:19 pm    Post subject: Reply with quote

Don't use gnome, so can't really answer you re Gnome I'm afriad :-(

I'll take a guess that the best route maybe to find what Gnome is using to shutdown the system and change this to use sudo, or use a script that uses sudo. Just an idea.


Jon
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 18433

PostPosted: Mon Apr 21, 2003 9:00 pm    Post subject: Reply with quote

See also Gnome2 reboot problem
_________________
The media sells it and you live the role.
Back to top
View user's profile Send private message
sisob
Apprentice
Apprentice


Joined: 28 Jun 2002
Posts: 274
Location: Ireland

PostPosted: Mon Apr 21, 2003 9:12 pm    Post subject: Reply with quote

Filled this: http://bugzilla.gnome.org/show_bug.cgi?id=111305
See also: http://bugzilla.gnome.org/show_bug.cgi?id=84054
and http://gnomesupport.org/forums/viewtopic.php?t=315

MArk
_________________
Mark Finlay - Gnome Hacker of Sorts
Come join me on the Gnome User's Forum
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 18433

PostPosted: Mon Apr 21, 2003 9:13 pm    Post subject: Reply with quote

sisob: Thanks for the links.
_________________
The media sells it and you live the role.
Back to top
View user's profile Send private message
gcasillo
l33t
l33t


Joined: 23 Sep 2003
Posts: 739
Location: Cincinnati, Ohio, USA

PostPosted: Wed Oct 29, 2003 3:28 am    Post subject: Reply with quote

I was dissappointed to see an administrator post "RTFM?" and a guru post "why in the hell do your parents get to use your computer. tell em to buy their own. and if its their computer; get a job and buy your own. and teh answer is sudo" in this thread while searching for a solution. Please be professional to people looking for solutions, or just don't bother posting.
Back to top
View user's profile Send private message
kallamej
Administrator
Administrator


Joined: 27 Jun 2003
Posts: 4933
Location: Gothenburg, Sweden

PostPosted: Wed Oct 29, 2003 10:57 am    Post subject: Reply with quote

Don't mistake the current status of a poster and that (s)he had at the time of a particular post. If you check the date that floam wrote that post and the date he registered, I hope you'll realise that he wasn't a "Guru" at that time. Of course, the rating is only based on the number of posts so it doesn't say anything about the quality of the posts. The same applies to admin/moderator/developer.
_________________
Please read our FAQ Forum, it answers many of your questions.
irc: #gentoo-forums on irc.freenode.net
Back to top
View user's profile Send private message
gcasillo
l33t
l33t


Joined: 23 Sep 2003
Posts: 739
Location: Cincinnati, Ohio, USA

PostPosted: Wed Oct 29, 2003 5:42 pm    Post subject: Reply with quote

Good point. It's just discouraging to see this in forums that field questions from people of varying expertise. You know people are going to ask these questions, sometimes repeatedly. And in this case where you have a logout/reboot/shutdown dialog that doesn't work "out of the box," I think it is a question deserving a good response.
Back to top
View user's profile Send private message
darksaidin
Apprentice
Apprentice


Joined: 04 Oct 2003
Posts: 150

PostPosted: Sat Jan 24, 2004 1:03 pm    Post subject: Reply with quote

Quote:
Allowing non-root users to shutdown a Linux box.

1. As root create a group shutdown.
#addgroup shutdown

2. Put /sbin/shutdown into the group shutdown.
#chown root:shutdown /sbin/shutdown

3. Change accessrights to make /sbin/shutdown setuid and disallow
other users from executing shutdown.
#chmod 4754 /sbin/shutdown

4. Make a link from /bin/shutdown to /sbin/shutdown
#ln -s /sbin/shutdown /bin/shutdown

Now anyone belonging to the group shutdown can execute shutdown but I just will
allow the person in control of the keyboard to be able to issue the shutdown
command. You might prefer something else.



Well, this works and I don't really feels it's any less secure than the way gentoo handles it. By default anybody that comes along my machine can shut it down by just loggin out the current user and pressing the shutdown button in gdm. Therefore this whole security discussion is just stupid. There is no reason for a "non-user" to have more rights than a user.
Back to top
View user's profile Send private message
c0bblers
Guru
Guru


Joined: 28 Mar 2003
Posts: 403

PostPosted: Sat Jan 24, 2004 5:51 pm    Post subject: Reply with quote

I just press the power button.....ACPI is nice :-)

Cheers,
James
Back to top
View user's profile Send private message
darksaidin
Apprentice
Apprentice


Joined: 04 Oct 2003
Posts: 150

PostPosted: Sun Jan 25, 2004 1:28 am    Post subject: Reply with quote

c0bblers wrote:
I just press the power button.....ACPI is nice :-)

Cheers,
James


That is simply not the point. If there is a button labeled "shutdown" it should prolly do a simple shutdown and not something else. At least that's what I think so it was worth figuring out how to "fix" this imho. It doesn't really matter if I use that button or not. ;)
Back to top
View user's profile Send private message
c0bblers
Guru
Guru


Joined: 28 Mar 2003
Posts: 403

PostPosted: Sun Jan 25, 2004 3:27 am    Post subject: Reply with quote

I guess it's more a gnome-trying-to-be-over-ambitious-and-not-checking problem than a gentoo problem....I've never changed/had problems with the default settings. In fact I quite like that it's hard to shutdown the machine via a GUI. I conceed that Joe Bloggs the user might find it a tad confusing though. Perhaps a patch to remove the option at gnome logout or a warning from the ebuild is in order though, since it's clearly a function that does not work......

Cheers.
James
Back to top
View user's profile Send private message
spacie
n00b
n00b


Joined: 30 Jul 2003
Posts: 5

PostPosted: Fri Mar 05, 2004 7:23 am    Post subject: Reply with quote

I think the point with the security is that it prevents anyone who might have been given someones userpass beeing able to shutdown from remote.
This is the view of a multi-user-system beeing administrated by someone not working at the system and never giving the root-pass to anyone.
If somebody is a local user sitting in front of the computer he will be able to do anything with this machine...
Back to top
View user's profile Send private message
syouth
Apprentice
Apprentice


Joined: 18 Sep 2004
Posts: 275

PostPosted: Thu Apr 21, 2005 4:46 pm    Post subject: Reply with quote

I just emerged Gnome 2.8.3 and this shutdown/reboot/logout problem occured. I tried to log into Gnome with root, but hitting "Log Out" on the menu just logged off normally and brought me back to GDM. Then I tried chmod'ing, like it's suggested everywhere, but as I thought, it didn't help. (It did not work with root user, why should it work for normal users ).

I'm really new to Gnome so you may hit me with RTFM or UTFG, but I really would appreciate if you would give me some lead here. Why can't it show the options menu with normal nor root user?

My USE flags, if they count:

USE="nptl dba 3dnow X aalib alsa -aim -arts gnome avi cdr -firebird flac ftp gtk2 -icc -icq imagemagick jabber java -kde mpeg mysql png perl php quicktime qt svga tcltk tiff jpeg gif usb wxwindows xine xmms xvid -yahoo gd apache2 mp3 x86 network ogg vorbis matroska offensive divx4linux logitech-mouse lm_sensors rdesktop aac xscreensaver unicode esd acpi -moznomail vim-with-x hal howl real"
_________________
psylove
Back to top
View user's profile Send private message
syouth
Apprentice
Apprentice


Joined: 18 Sep 2004
Posts: 275

PostPosted: Fri Apr 22, 2005 11:26 am    Post subject: Reply with quote

I got little success here.

My problem was that hitting "Log Out" logged out eventually without asking confirmation. This can be enabled in gnome-session-properties or Desktop Preferences -> Advanced -> Sessions (promt on logout).

Now I can move on enabling halt instructions.
_________________
psylove
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo All times are GMT
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum