Re: allow/deny user power of the os
On Fri, Feb 4, 2011 at 4:41 PM, Boyd Stephen Smith Jr.
> In <firstname.lastname@example.org>, Pol Hallen wrote:
>>How is the best way to deny and allow by time and date of user/s
> You could try something involving a cron job switching between two separately
> maintained /etc/sudoers files, one with permissions for /sbin/shutdown and one
> I think your best bet might be SELinux or AppArmor. I don't really have any
> experience with either, but I thought they could do time-based roles. Then
> you could have a role which allowed the access required for /sbin/shutdown and
> only allow certain users to switch into it at certain times, from what I've
In this case, PolicyKit might be more appropriate than SELinux or AppArmor.