Re: Problem with '/etc/shutdown.allow'

To: debian-user@lists.debian.org
Subject: Re: Problem with '/etc/shutdown.allow'
From: Carel Fellinger <cfelling@iae.nl>
Date: Thu, 19 Oct 2000 01:02:45 +0200
Message-id: <20001019010245.A16745@animus.fel.iae.nl>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <39EC88D3.435B7402@netway.at>; from hetzmann@netway.at on Tue, Oct 17, 2000 at 07:13:55PM +0200
References: <39EB2C2C.13F7D8DC@netway.at> <20001016195620.B8209@animus.fel.iae.nl> <39EC88D3.435B7402@netway.at>

Hai Andreas,

On Tue, Oct 17, 2000 at 07:13:55PM +0200, Andreas Hetzmannseder wrote:
> Carel Fellinger wrote:
...
> > shutdown isn't in your PATH, but even if it were it has no SUID flag so
> > it won't do you no good.
> 
> You are absolutely right. Well I wouldn't believe it, so I had to see
> for myself: /sbin is now in my path but what's the point of it?

the point being...

> > > [...] However when I attempt to type 'shutdown -a -r now' or
> > > 'shutdown -a -h now' by myself, it says 'shutdown: command not found'.

...that the command will be found when typed from the command-line,
   but as I said that won't do you no good...

> > > I still have to be root in this case.

...as you still have to be root:]

You see, shutdown really needs root privilege, soit.
So either you use the suid trick on /sbin/shutdown (better not, and if not
then there is no need to have shutdown (/sbin) in your path either),
or signal some process running with root privilege to call shutdown for you.

The latter is what happens with Ctrl-Alt-Del, it triggers the keyboardhandler
to call shutdown. The keyboardhandler being a kernel process runs with root
privilege, so that works. But...

... there is more to this story if shutdown is called with the "-a" flag
and the file /etc/shutdown.allow exists. You see, in that case shutdown
*itself* will refuse to do its work if neither root nor one of the users
listed in /etc/shutdown.allow are actually logged-on on a virtual console.
An xterm or XDM log-on screen won't do, you really have to be logged-on.

But even if you're logged-on, "shutdown -a" still needs to be run with root
privilege (see above), so typing it from the command line will only work
if you're root or the suid bit is set.

...
> Thank you for your explanation.

Your welcome:), but I fear I've merely confused you with the inittab thing:(

> > Well, you shouldn't add the entry but modify the excisting one and add to
> > that entry the '-a' flag. [...]
> 
> Now I feel completely stupid. Which existing entry shall I modify?
> Please have a look at my /etc/inittab:
...
>     ca:12345:ctraltdel:/sbin/shutdown -t1 -a -r now

the -a is already there, so the docs were misleading and I should have
looked up the contents of the default /etc/inittab file. Sorry.

-- 
groetjes, carel

Reply to:

Follow-Ups:
- Re: Problem with '/etc/shutdown.allow'
  - From: Andreas Hetzmannseder <hetzmann@netway.at>

References:
- Problem with '/etc/shutdown.allow'
  - From: Andreas Hetzmannseder <hetzmann@netway.at>
- Re: Problem with '/etc/shutdown.allow'
  - From: Carel Fellinger <cfelling@iae.nl>
- Re: Problem with '/etc/shutdown.allow'
  - From: Andreas Hetzmannseder <hetzmann@netway.at>

Prev by Date: Re: /etc/apt/sources.list -- howto...
Next by Date: Re: Monitor power-down/screensaver
Previous by thread: Re: Problem with '/etc/shutdown.allow'
Next by thread: Re: Problem with '/etc/shutdown.allow'
Index(es):
- Date
- Thread