Re: shutdown user and accountability
On 28 Nov 2001, Olaf Meeuwissen wrote:
> Blake Barnett <firstname.lastname@example.org> writes:
> > On Tue, 2001-11-27 at 18:58, Olaf Meeuwissen wrote:
> > > Blake Barnett <email@example.com> writes:
> > >
> > > > Can't you give a group sudo access? If so, just add everyone to a group
> > > > and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.
> > >
> > > That's exactly what my sudo setup does right now. The problem is that
> > > apparently *everyone* needs to be able to shut down the machine (for
> > > reasons that are beyond me). Added accounts on an as needed basis is
> > > fine with me, but I don't fancy creating, oh, 250+ password protected
> > > accounts just to meet policy.
> > Ok, I guess I didn't understand that the accounts didn't already exist.
> > Is this some sort of kiosk or something?
> Nope, just a file/web server (but I'm thinking of adding a programming
> environment (EEK!) for educational purposes) that is in a place that
> does not allow physical access restrictions (beyond being able to
> enter the company premises).
So, whats the point in accountability then? Can't you even short cut the
power switch and take out the hardware reset switch???
Then you could set up a shutdown user, and write a script asking for
identification, as suggested in some other mail.
> > If you can't wrap the stuff in a script --maybe it needs to be setuid?
> > blech!--, and log it there, then I dunno what to tell ya.
> Not much use ;-), but thanks anyway!
> Olaf Meeuwissen Epson Kowa Corporation, Research and Development
> GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact email@example.com