
Re: shutdown user and accountability



Can't you give a group sudo access?  If so, just add everyone to a group
and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.

Or you could write your own script which wraps around halt/shutdown and
logs what it's doing via logger or syslog...   


On Tue, 2001-11-27 at 17:51, Olaf Meeuwissen wrote:
> Dear .debs,
> 
> I'm maintaining a (small-time) group server for our department.  In
> order to satisfy company policy requirements I need to provide a way
> to shut down the server in case of emergencies.  Our network admin was
> kind enough to give me two alternatives:
> 
>   1) provide an on-screen shutdown button
>   2) provide a shutdown user account (and document its usage)
> 
> I didn't like either approach because they lack accountability: after
> a shutdown I can't tell *who* did it.
> BTW, the server has no screen for buttons, so 1) is not an option to
> begin with.  You have to ssh in to do anything (exploit one of inetd,
> exim, samba or apache in some way may be an alternative ;-).
> 
> I came up with a 'sudo /sbin/halt' for department members (and others
> on an as needed basis), but that was no good.  Everyone has to be able
> to shut it down.  I racked my brains but didn't come up with anything
> that provides accountability.  Anyone any suggestions?
> 
> Right now, I'm stuck with 2) and writing the password on the machine
> (or similar) *or* stay with what I have now and take my chances with
> people flicking the power switch.
> BTW, the server is not in a physically secure location, so I run the
> power switch thingy risk anyway.
> 
> Suggestions, discussions of pros and cons welcome,
> -- 
> Olaf Meeuwissen       Epson Kowa Corporation, Research and Development
> GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
> LPIC-2               -- I hack, therefore I am --                 BOFH
> 
> 
-- 
Blake Barnett (bdb)  <blake.barnett@developonline.com>
Sr. Unix Administrator
DevelopOnline.com                 office: 480-377-6816

"Do, or do not.  There is no try." --Yoda
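
A sketch of the wrapper idea from the reply above, as an added example that is not part of the original message. The `logged-halt` name and tag, the REASON argument and the `auth.notice` priority are assumptions; the script is meant to be the only command the shared group may run through sudo.

```shell
#!/bin/sh
# Added example: logging wrapper around /sbin/halt, meant to be run via sudo.
# The name "logged-halt" and the REASON argument are assumptions.
LOGGER=/usr/bin/logger   # absolute paths: do not rely on the caller's PATH
HALT=/sbin/halt
TAG=logged-halt

# Name of the person who asked for the shutdown. sudo sets SUDO_USER to the
# invoking account; fall back to the login name, then the effective user.
invoking_user() {
    if [ -n "${SUDO_USER:-}" ]; then
        printf '%s\n' "$SUDO_USER"
    else
        logname 2>/dev/null || id -un
    fi
}

# Build the one-line audit record. Control characters are stripped from the
# free-text reason so a caller cannot forge extra syslog lines.
audit_line() {
    reason=$(printf '%s' "$*" | tr -d '[:cntrl:]')
    printf 'halt requested by user=%s uid=%s reason="%s"\n' \
        "$(invoking_user)" "${SUDO_UID:-$(id -u)}" "$reason"
}

# Log first; refuse to halt if the record could not be written.
logged_halt() {
    if [ -z "$*" ]; then
        echo "usage: logged-halt REASON" >&2
        return 2
    fi
    "$LOGGER" -t "$TAG" -p auth.notice "$(audit_line "$@")" || {
        echo "logged-halt: could not write audit record, not halting" >&2
        return 1
    }
    "$HALT"
}

# Run only when a reason was given on the command line.
if [ "$#" -gt 0 ]; then
    logged_halt "$@"
fi
```

The record stays on the machine being halted unless syslog also forwards to another host, so forwarding is worth setting up if the log has to survive the shutdown.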


