Re: new twist on shutting down and restricting ssh users
On Wed, Mar 06, 2002 at 04:11:44PM -0500, dman wrote:
>
> I want to allow my dad to shut down the router/gateway. I want to do
> this by creating a login name "halt" that simply shuts down. I did
> this by making /sbin/halt the shell. As I understand it, only root is
> allowed to halt a system, so I made halt owned by root:halt with
> permissions 4754. This works, but I am interested in comments on the
> pros/cons of this setup. In addition, I want to disallow loggin in as
> 'halt' via ssh. How can I do that?
Since you say that you want to disallow ssh access, I assume your dad
has physical access to the console, correct? Just have him go to a
text console (Ctrl-Alt-F1) if the router is, for some reason, in X,
then hit ctrl-alt-del. The default action in Debian is to reboot
(which would actually work - just let it reboot, then power down
before the OS loads), but you can change that by editing the lines in
/etc/inittab which say:
# What to do when CTRL-ALT-DEL is pressed.
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
and changing the -r (reboot) to -h (halt) and you don't need to
create a funky user or mess with /sbin/halt's permissions at all.
But, to answer the question you asked, you can use AllowUsers or
DenyUsers commands in /etc/sshd_config to control which users are
allowed to connect via ssh.
--
When we reduce our own liberties to stop terrorism, the terrorists
have already won. - reverius
Innocence is no protection when governments go bad. - Tom Swiss
Reply to: