Re: new twist on shutting down and restricting ssh users

[Dave Sherohman <esper@sherohman.org>]

On Wed, Mar 06, 2002 at 04:11:44PM -0500, dman wrote:
> 
> I want to allow my dad to shut down the router/gateway.  I want to do
> this by creating a login name "halt" that simply shuts down.  I did
> this by making /sbin/halt the shell.  As I understand it, only root is
> allowed to halt a system, so I made halt owned by root:halt with
> permissions 4754.  This works, but I am interested in comments on the
> pros/cons of this setup.  In addition, I want to disallow loggin in as
> 'halt' via ssh.  How can I do that?

Since you say that you want to disallow ssh access, I assume your dad
has physical access to the console, correct?  Just have him go to a
text console (Ctrl-Alt-F1) if the router is, for some reason, in X,
then hit ctrl-alt-del.  The default action in Debian is to reboot
(which would actually work - just let it reboot, then power down
before the OS loads), but you can change that by editing the lines in
/etc/inittab which say:

# What to do when CTRL-ALT-DEL is pressed.
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now

and changing the -r (reboot) to -h (halt) and you don't need to
create a funky user or mess with /sbin/halt's permissions at all.

But, to answer the question you asked, you can use AllowUsers or
DenyUsers commands in /etc/sshd_config to control which users are
allowed to connect via ssh.

-- 
When we reduce our own liberties to stop terrorism, the terrorists
have already won. - reverius

Innocence is no protection when governments go bad. - Tom Swiss