
Re: shutdown/halt as user



In article <20020215113308.GA7931@civet.berkeley.edu>,
David Roundy  <droundy@civet.berkeley.edu> wrote:
>On Fri, Feb 15, 2002 at 11:05:27AM +0100, Miquel van Smoorenburg wrote:
>> According to David Wright:
>> > > Stuff like this doesn't belong in sysvinit. It belongs in an
>> > > optional package that can call shutdown, not in shutdown itself.
>> > > Let alone in the halt binary!
>> > 
>> > Fine, I wouldn't object.
>> > 
>> > But I would point out that (1) you don't lose any modularity with a pam 
>> > layer, since you can configure pam to require or not require just about 
>> > anything you want
>> 
>> A PAM layer to do what? Currently, halt doesn't *have* anything
>> like an interactive dialog built in. It isn't setuid. It's not
>> meant to be called by users.
>> 
>> That is the stuff that doesn't belong in halt. You might as well
>> build an interactive shutdown dialog into /bin/mknod, that would
>> make just as much sense.
>
>PAM can do a lot more than just interactive stuff.  I would want to make it
>so that shutdown can only be run by users on the console (or root,
>perhaps).  Is there some way to do this other than using pam?

You don't understand.

shutdown/halt/reboot commands ARE NOT MEANT TO BE CALLED BY USERS

If you want to make it possible for a user to do shutdown/halt/reboot,
write a setuid wrapper program.

Mike.
-- 
Computers are useless, they only give answers. --Pablo Picasso
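
A sketch of the kind of setuid wrapper suggested above, as an added example that is not part of the original message or of sysvinit. It assumes the binary is installed root-owned with mode 4750 and a dedicated group (so file permissions decide who may run it), that shutdown lives at `/sbin/shutdown`, and that the wrapper accepts only the words `halt` and `reboot`; the name `build_argv` is hypothetical.

```c
/* Added example (not from the thread): setuid-root wrapper for shutdown.
 * Assumed install: root-owned, mode 4750, group = users allowed to run it. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SHUTDOWN_PATH "/sbin/shutdown"  /* assumed location; absolute, no PATH search */

/* Map the one user-supplied word onto a fixed argument vector, so nothing
 * the caller typed reaches shutdown. Returns 0 on success, -1 otherwise. */
int build_argv(const char *action, const char *argv[4])
{
    const char *flag;

    if (action == NULL)
        return -1;
    if (strcmp(action, "halt") == 0)
        flag = "-h";
    else if (strcmp(action, "reboot") == 0)
        flag = "-r";
    else
        return -1;
    argv[0] = "shutdown";
    argv[1] = flag;
    argv[2] = "now";
    argv[3] = NULL;
    return 0;
}

int main(int argc, char *argv[])
{
    const char *child_argv[4];
    /* Fixed environment: nothing inherited (LD_*, IFS, PATH, ...) survives. */
    char *const child_env[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };

    if (argc != 2 || build_argv(argv[1], child_argv) != 0) {
        fprintf(stderr, "usage: shutdown-wrapper halt|reboot\n");
        return 2;
    }
    /* Make real uid == effective uid (root) before handing over. */
    if (setuid(0) != 0) {
        perror("setuid");
        return 1;
    }
    execve(SHUTDOWN_PATH, (char *const *)child_argv, child_env);
    perror("execve");  /* reached only if the exec failed */
    return 1;
}
```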


