[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: allow/deny user power of the os



In <201102041513.18513.debenvaio@fuckaround.org>, Pol Hallen wrote:
>How is the best way to deny and allow by time and date of user/s
>poweroff/reboot system?

Well, the standard security model for Linux systems doesn't really take time 
into account.  Also, sudo, which can be configured slightly more fine-grained, 
doesn't have built-in support for time-based policies.

You could try something involving a cron job switching between two separately 
maintained /etc/sudoers files, one with permissions for /sbin/shutdown and one 
without.

I think your best bet might be SELinux or AppArmor.  I don't really have any 
experience with either, but I thought they could do time-based roles.  Then 
you could have a role which allowed the access required for /sbin/shutdown and 
only allow certain users to switch into it at certain times, from what I've 
heard.
-- 
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
bss@iguanasuicide.net                   ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy         `-'(. .)`-'
http://iguanasuicide.net/                    \_/

Attachment: signature.asc
Description: This is a digitally signed message part.


Reply to: