[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Problem with '/etc/shutdown.allow'

Carel Fellinger schrieb:
> [...]
> You see, shutdown really needs root privilege, soit.
> So either you use the suid trick on /sbin/shutdown (better not, and if not
> then there is no need to have shutdown (/sbin) in your path either),
> or signal some process running with root privilege to call shutdown for you.
> 
> The latter is what happens with Ctrl-Alt-Del, it triggers the keyboardhandler
> to call shutdown. The keyboardhandler being a kernel process runs with root
> privilege, so that works. But...
> 
> ... there is more to this story if shutdown is called with the "-a" flag
> and the file /etc/shutdown.allow exists. You see, in that case shutdown
> *itself* will refuse to do its work if neither root nor one of the users
> listed in /etc/shutdown.allow are actually logged-on on a virtual console.
> An xterm or XDM log-on screen won't do, you really have to be logged-on.
> 
> But even if you're logged-on, "shutdown -a" still needs to be run with root
> privilege (see above), so typing it from the command line will only work
> if you're root or the suid bit is set.
> [...]

Hello Carel,

Thank you very much again.

Concerning being root or having the suid bit: Mr. Benson showed up a
third solution earlier in this thread. With sudo you can specify
exactly for which command(s) you want to give root privileges to mere
mortals. I just did it yesterday and it works fine - and there is no
suid bid set to shutdown... This is great, don't you think?

Cheers,
Andreas.
Reply to: