Thanks for quick help! I updated busybox with latest stable version by compile and cp via ftp to /usr/bin Then I did an "./busybox --install -s" to create the new links.
I did a "chmod 4755 /bin/busybox" -> login works. As sudo is not implemented in my system (and not part of busybox) and a new user is to uncomfortable your 3rd approach looks best. I checked here u...@ubu:/opt/src/busybox-1.18.1$ find . | xargs grep BB_SUID_DROP | grep halt ./include/applets.h:IF_HALT(APPLET(halt, _BB_DIR_SBIN, _BB_SUID_DROP)) ./include/applets.h:IF_HALT(APPLET_ODDNAME(poweroff, halt, _BB_DIR_SBIN, _BB_SUID_DROP, poweroff)) ./include/applets.h:IF_HALT(APPLET_ODDNAME(reboot, halt, _BB_DIR_SBIN, _BB_SUID_DROP, reboot)) ./init/halt.c://applet:IF_HALT(APPLET(halt, _BB_DIR_SBIN, _BB_SUID_DROP)) ./init/halt.c://applet:IF_HALT(APPLET_ODDNAME(poweroff, halt, _BB_DIR_SBIN, _BB_SUID_DROP, poweroff)) ./init/halt.c://applet:IF_HALT(APPLET_ODDNAME(reboot, halt, _BB_DIR_SBIN, _BB_SUID_DROP, reboot)) I guess I have to replace BB_SUID_DROP in all 6 lines. There is just one open question: What is the disadvantage or side-effect of setting busybox to be setuid. I am not so much familiar with this, but afraid users can do other this (they shouldn't do) as well. Best regards Arno 2011/1/3 Denys Vlasenko <[email protected]>: > On Mon, Jan 3, 2011 at 11:25 AM, Arno Steffen > <[email protected]> wrote: >> 1) I want normal user give the permission to reboot or halt the system. >> With current implemented busybox it is not allowes - I just get a NO. > > Because reboot tries to initiate reboot, but gets EPERM. > (BTW, can you please upgrade to something newer than busybox-1.13.x?) > > >> I already changed the link from /sbin/reboot to /bin/reboot or changed >> permission, but this doesn't help. > > Possible approaches: > * Make a new user with uid 0 and login shell=/sbin/reboot. > or > * Use sudo mechanism to allow some users to run /sbin/reboot > or > * Make busybox binary setuid root, and change reboot applet from > _BB_SUID_DROP to _BB_SUID_MAYBE in this line: > IF_HALT(APPLET_ODDNAME(reboot, halt, _BB_DIR_SBIN, _BB_SUID_DROP, reboot)) > (warning: this will allow any user to run reboot) > > >> 2) when user is logged in, I can't change to root, as login command >> can only be run as superuser. > > Works for me as long as busybox binary is setuid root: > > $ busybox login > myhost login: _ > > >> How can I change the user? > > Using su command. > > -- > vda > _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
