Re: allow/deny user power of the os

To: debian-user@lists.debian.org
Subject: Re: allow/deny user power of the os
From: Tom H <tomh0665@gmail.com>
Date: Fri, 4 Feb 2011 17:49:16 -0500
Message-id: <[🔎] AANLkTimKOxOj82Q-o_Ph2kK=1jziGZiCaxB9JCA22bFJ@mail.gmail.com>
In-reply-to: <[🔎] 201102041541.27111.bss@iguanasuicide.net>
References: <[🔎] 201102041513.18513.debenvaio@fuckaround.org> <[🔎] 201102041541.27111.bss@iguanasuicide.net>

On Fri, Feb 4, 2011 at 4:41 PM, Boyd Stephen Smith Jr.
<bss@iguanasuicide.net> wrote:
> In <[🔎] 201102041513.18513.debenvaio@fuckaround.org>, Pol Hallen wrote:
>>
>>How is the best way to deny and allow by time and date of user/s
>>poweroff/reboot system?
>
> You could try something involving a cron job switching between two separately
> maintained /etc/sudoers files, one with permissions for /sbin/shutdown and one
> without.
>
> I think your best bet might be SELinux or AppArmor.  I don't really have any
> experience with either, but I thought they could do time-based roles.  Then
> you could have a role which allowed the access required for /sbin/shutdown and
> only allow certain users to switch into it at certain times, from what I've
> heard.

In this case, PolicyKit might be more appropriate than SELinux or AppArmor.

Reply to:

References:
- allow/deny user power of the os
  - From: Pol Hallen <debenvaio@fuckaround.org>
- Re: allow/deny user power of the os
  - From: "Boyd Stephen Smith Jr." <bss@iguanasuicide.net>

Prev by Date: Re: Please help me to evaluate flash/ssd life using vmstat -d
Next by Date: Re: tool for internet connection test
Previous by thread: Re: allow/deny user power of the os
Next by thread: Re: allow/deny user power of the os
Index(es):
- Date
- Thread