[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: shutdown user and accountability

Blake Barnett <blake.barnett@developonline.com> writes:

> Can't you give a group sudo access?  If so, just add everyone to a group
> and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.

That's exactly what my sudo setup does right now.  The problem is that
apparently *everyone* needs to be able to shut down the machine (for
reasons that are beyond me).  Added accounts on an as needed basis is
fine with me, but I don't fancy creating, oh, 250+ password protected
accounts just to meet policy.

> Or you could write your own script which wraps around halt/shutdown and
> logs what it's doing via logger or syslog...   
> 
> On Tue, 2001-11-27 at 17:51, Olaf Meeuwissen wrote:
> > Dear .debs,
> > 
> > I'm maintaining a (small-time) group server for our department.  In
> > order to satisfy company policy requirements I need to provide a way
> > to shutdown the server in case of emergencies.  Our network admin was
> > kind enough to give me two alternatives:
> > 
> >   1) provide an on-screen shutdown button
> >   2) provide a shutdown user account (and document its usage)
> > 
> > I didn't like either approach because they lack accountability: after
> > a shutdown I can't tell *who* did it.
> > BTW, the server has no screen for buttons, so 1) is not an option to
> > begin with.  You have to ssh in to do anything (exploit one of inetd,
> > exim, samba or apache in some way may be an alternative ;-).
> > 
> > I came up with a 'sudo /sbin/halt' for department members (and others
> > on an as needed basis), but that was no good.  Everyone has to be able
> > to shut it down.  I racked my brains but didn't come up with anything
> > that provides accountability.  Anyone any suggestions?
> > 
> > Right now, I'm stuck with 2) and writing the password on the machine
> > (or similar) *or* stay with what I have now and take my chances with
> > people flicking the power switch.
> > BTW, the server is not in a physically secure location, so I run the
> > power switch thingy risk anyway.
> > 
> > Suggestions, discussions of pros and cons welcome,
> > -- 
> > Olaf Meeuwissen       Epson Kowa Corporation, Research and Development
> > GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
> > LPIC-2               -- I hack, therefore I am --                 BOFH
> > 
> > 
> > -- 
> > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> -- 
> Blake Barnett (bdb)  <blake.barnett@developonline.com>
> Sr. Unix Administrator
> DevelopOnline.com                 office: 480-377-6816
> 
> "Do, or do not.  There is no try." --Yoda
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

-- 
Olaf Meeuwissen       Epson Kowa Corporation, Research and Development
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
Reply to: