Re: The right way to power off a computer as non-root
> Hello,
Hello,
> I use my computer as a workstation and thus I think it would be a good idea
> to be able to switch it of as user without being root.
Well, what about su?
tech@maximus$ su
tech@maximus's password:
root@maxiums# shutdown -h now
> I had two ideas of making this possible. The one is to make it sudo-able and
> the other is to put the executable into a special group (e.g. poweroffer)
Sudo is a security hole. There are three ways to use it, one good, one
questionable, and one stupid.
The good way is to set your user account to have full root privs via sudo.
This is very handy to have, because you can do root things without having to
su.
The questionable way is to allow certain users to execute a certain set of
programs as root. It works well, but if you are not extremely careful about
write permissions on the executables and all of their parent directories, you
can make it possible to overwrite an allowed program with one of your own.
Even more likely, you can force trusted programs to execute non-trusted
programs with the same effective UID.
The stupid way to use it is to allow a user full root privs, with some
restrictions.
This is off topic, but most likely useful.
> and then make the binaries suid-root executable for this group and put the
> users which ought to be allowed to poweroff the workstation into this group.
This sounds like the best way. It seemes simpler just to su root.
> Of course this would be possible with gdm, but due to some other problems
> with gdm I reported a time ago which I still have not fixed I don't want to
> use gdm.
Ok.
> thanks,
> thomas
-Tech
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: