In <[🔎] 201102041513.18513.debenvaio@fuckaround.org>, Pol Hallen wrote: >How is the best way to deny and allow by time and date of user/s >poweroff/reboot system? Well, the standard security model for Linux systems doesn't really take time into account. Also, sudo, which can be configured slightly more fine-grained, doesn't have built-in support for time-based policies. You could try something involving a cron job switching between two separately maintained /etc/sudoers files, one with permissions for /sbin/shutdown and one without. I think your best bet might be SELinux or AppArmor. I don't really have any experience with either, but I thought they could do time-based roles. Then you could have a role which allowed the access required for /sbin/shutdown and only allow certain users to switch into it at certain times, from what I've heard. -- Boyd Stephen Smith Jr. ,= ,-_-. =. bss@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/ \_/
Attachment:
signature.asc
Description: This is a digitally signed message part.