
Re: /etc/shutdown.allow is not recognized by shutdown -a ?



On Wed, Sep 26, 2001 at 04:52:57PM +0200, Peter Palmreuther wrote:
> Hello Sven,
> 
> On Wednesday, September 26, 2001 at 4:32:57 PM, 
> you wrote (at least in part):
> 
> > Hello, ...
> 
> > I want some logged in users to be able to shut down the box, and the manpage of
> > shutdown suggests adding the user names to /etc/shutdown.allow and using the -a
> > option to shutdown.
> 
> > But this does not work, I only get the:
> 
> > shutdown: you must be root to do that!
> 
> > message as response.
> 
> > Is this supposed to work? Am I missing something? Did anyone manage to make
> > it work?
> 
> shutdown -a only checks if a user named in /etc/shutdown.allow _is logged in_
> on a console.
> You nevertheless have to be root or have root-rights to execute shutdown.
> A good example for shutdown -a is /etc/inittab.
> The line with 'ctrlaltdel' can use this so a validated user has to be logged
> in on a tty to be able to reboot the machine via <Ctrl>+<Alt>+<Del>

Mmm, ok, that is the reason why it doesn't work then :(((

I just saw that the shutdown man page was changed in the new package, there
was talk of shutdown not being designed to run setuid but that shutdown.allow
enabled a user to use it in the older man page, or something such.

> My poor and quick testing showed me it could be possible to combine 'fakeroot'
> and 'shutdown'. Besides this I _know_ 'sudo' in combination with 'shutdown' does
> work.

Are you sure, I have not installed sudo here, but giving the user the right
rights in sudoers, will make it possible for you to use sudo and shutdown in
combination, I have added a gnome panel launcher with "sudo shutdown -h now"
as command to stop the box, and it worked, I would prefer to have it working
from the logout dialog, as it works for root.

> > As context, this is the first step in having gnome ask to logout or halt when
> > logging out from the foot menu, which together with automatic login in gdm is a
> > very nice feature for a single user desktop system for newbies.
> 
> I don't know if 'fakeroot' or 'sudo' even would help with this issue, as I
> don't know if 'gnome logged in' counts the same as 'tty logged in'. I do know
> 'ssh logged in' doesn't!
> As you want using automated login which opens _possible_ security holes (or
> touches security issues) I'd not use 'shutdown -a' for logout but only
> 'fakeroot/sudo shutdown' ... If I switch on the machine and am logged in, the
> check with '-a' if a valid /shutdown-allowed user is logged in is obsolete :-)

It is only a security risk if someone has physical access to the box, isn't it?
Since the user was previously running windows 98, this should not be a real
problem, but on the contrary, I think it is a good thing, since it lessens the
barrier to entry. Are there other issues I should know about?

Sadly, the gdm halt from the system menu is no longer available with automatic
login, letting no easy way to switch off the box available, thus my
investigation in the gnome logout dialog, and the shutdown questions.

Thanks for your help,

Friendly,

Sven Luther
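
A simplified model of the check described in the quoted reply (a user named in /etc/shutdown.allow must be logged in on a console), added here as an illustration; it is not code from this thread or from shutdown itself. The function name, the rule that only tty<N> terminals count as a console, and the sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added illustration: simplified model of the console-login check behind
# "shutdown -a". It only models the allow-list test; as the thread notes,
# the caller still needs root rights to run shutdown itself.
# Assumptions: one user name per line in the allow file, lines starting
# with '#' are comments, and only who(1) terminals named tty<N> count as
# a console.

# allowed_console_user ALLOW_FILE   (who-style lines on stdin)
# Prints the first listed user found on a console; returns 1 if none.
allowed_console_user() {
    awk -v allowfile="$1" '
        BEGIN {
            while ((getline line < allowfile) > 0) {
                if (line ~ /^#/ || line ~ /^[ \t]*$/) continue
                split(line, f, " ")
                allow[f[1]] = 1
            }
        }
        ($1 in allow) && $2 ~ /^tty[0-9]+$/ { print $1; found = 1; exit }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample data, not taken from any real system.
SAMPLE_ALLOW=$(mktemp)
trap 'rm -f "$SAMPLE_ALLOW"' EXIT
printf '%s\n' '# users allowed to trigger shutdown -a' 'sven' > "$SAMPLE_ALLOW"

WHO_SSH_ONLY='sven     pts/0   2001-09-26 16:30 (192.0.2.10)'
WHO_ON_TTY='peter    tty2    2001-09-26 16:31
sven     tty1    2001-09-26 16:32'

for sample in "$WHO_SSH_ONLY" "$WHO_ON_TTY"; do
    if user=$(printf '%s\n' "$sample" | allowed_console_user "$SAMPLE_ALLOW"); then
        echo "allowed: $user is logged in on a console"
    else
        echo "denied: no listed user on a console"
    fi
done
```

On a live system the same function can be fed real sessions with `who | allowed_console_user /etc/shutdown.allow`.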


