On Wed, Mar 05, 2003 at 09:18:39AM -0500, christophe barbe wrote: > On Tue, Mar 04, 2003 at 10:34:29PM -0500, Colin Walters wrote: > > A bit more blue-sky: have an ACL on /bin/halt and /bin/reboot that only > > allows specific users to execute it. Then the dialog would offer the > > options iff the user had execute permission. > I have zero experience with ACL. Is it available with all kernels? Or do > we need a recent one or a patched one? You need a filesystem that supports ACLs. This is still not the default in Debian. Personally, I think trying to set execution ACLs on system binaries is a bad idea. Better to provide an suid wrapper binary that does whatever authorization checks are deemed appropriate (perhaps using PAM). -- Steve Langasek postmodern programmer
Attachment:
pgpfyijKTHvoh.pgp
Description: PGP signature