Re: shutdown user and accountability
On 28 Nov 2001, Olaf Meeuwissen wrote:
> Blake Barnett <blake.barnett@developonline.com> writes:
>
> > On Tue, 2001-11-27 at 18:58, Olaf Meeuwissen wrote:
> > > Blake Barnett <blake.barnett@developonline.com> writes:
> > >
> > > > Can't you give a group sudo access? If so, just add everyone to a group
> > > > and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.
> > >
> > > That's exactly what my sudo setup does right now. The problem is that
> > > apparently *everyone* needs to be able to shut down the machine (for
> > > reasons that are beyond me). Added accounts on an as needed basis is
> > > fine with me, but I don't fancy creating, oh, 250+ password protected
> > > accounts just to meet policy.
> >
> > Ok, I guess I didn't understand that the accounts didn't already exist.
> > Is this some sort of kiosk or something?
>
> Nope, just a file/web server (but I'm thinking of adding a programming
> environment (EEK!) for educational purposes) that is in a place that
> does not allow physical access restrictions (beyond being able to
> enter the company premises).
>
So, whats the point in accountability then? Can't you even short cut the
power switch and take out the hardware reset switch???
Then you could set up a shutdown user, and write a script asking for
identification, as suggested in some other mail.
Mathias
> > If you can't wrap the stuff in a script --maybe it needs to be setuid?
> > blech!--, and log it there, then I dunno what to tell ya.
>
> Not much use ;-), but thanks anyway!
> --
> Olaf Meeuwissen Epson Kowa Corporation, Research and Development
> GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
Reply to: