[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: allow/deny user power of the os



On Fri, Feb 4, 2011 at 4:41 PM, Boyd Stephen Smith Jr.
<bss@iguanasuicide.net> wrote:
> In <201102041513.18513.debenvaio@fuckaround.org>, Pol Hallen wrote:
>>
>>How is the best way to deny and allow by time and date of user/s
>>poweroff/reboot system?
>
> You could try something involving a cron job switching between two separately
> maintained /etc/sudoers files, one with permissions for /sbin/shutdown and one
> without.
>
> I think your best bet might be SELinux or AppArmor.  I don't really have any
> experience with either, but I thought they could do time-based roles.  Then
> you could have a role which allowed the access required for /sbin/shutdown and
> only allow certain users to switch into it at certain times, from what I've
> heard.

In this case, PolicyKit might be more appropriate than SELinux or AppArmor.


Reply to: