On Wed, Oct 13, 1999 at 10:57:36PM +0200, Miquel van Smoorenburg wrote:
> In article <[EMAIL PROTECTED]>,
> Tomasz Węgrzanowski <[EMAIL PROTECTED]> wrote:
> >I suggest a new group `power'
> >and setting privileges of shutdown and halt (reboot is symlink to halt) to:
> >-rwsr-xr-- 1 root power 6876 Jan 12 1999 /sbin/halt
> >-rwsr-xr-- 1 root power 13492 Jan 12 1999 /sbin/shutdown
> >(chmod u+s)(chmod o-x)(chown root.power)
>
> Really, you are not supposed to call 'halt' or 'reboot' directly -
> that's just a BSD heritage that people can't seem to get rid of.
> But if you insist on it, halt or reboot don't need to be setuid root,
> since they call shutdown anyway if they think that is what you meant.

Hmm... I used BSD as root for a week, and this was a long time ago, so my habit is not from there.
It's just much faster and typo-free to write `halt' than `shutdown -h now'.
According to the manpages, halt|reboot calls shutdown if the system is not in the proper runlevel.

> >This group would be very useful for desktop machines for people who
> >set computer on (via switch), login as common user and do what they have to
> >and then stop the computer via command (`halt' or `shutdown -h now')
> >or via its interface gshutdown. Now this problem is locally solved
> >inelegantly
> >by sudo or by special root account called ex: halt (shell=/sbin/halt) or
> >by even less secure methods because of lack of the standard.
>
> Note that 'shutdown' was NOT designed to be run setuid - for all
> I know it's full of grave security holes if you do. You then not
> only gave the people in the group 'power' permission to shut down
> the machine, you just granted them root access as well ...

I see some possibilities to make a mess with suid shutdown, but not much more mess than with turning the power off by the button. But if you know any exploits of suid shutdown of which I don't know, please tell me (I've found nothing in the manpages).
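Added example, not code from the thread or from the shutdown/halt programs it discusses: a POSIX sh check that flags listing entries with the exact mode and owner shape proposed above (setuid, root-owned, executable by a group or by everyone), which is the combination that hands root privilege to every caller in that group, and prints for each one a sudoers rule that grants only that single command instead. The group name `power` and the /sbin paths come from the proposal; the listing itself and /sbin/onlyroot are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): flag listing entries with the shape the
# proposal gives (setuid, root-owned, executable by a group or everyone), i.e.
# binaries that run as root for those callers, the risk Miquel raises.

# is_setuid_root_exec MODE OWNER: setuid bit set, owner root, group/other exec.
is_setuid_root_exec() {
    [ "$2" = root ] || return 1
    case "$1" in
        ???[sS]*) ;;                              # 4th char s/S: setuid bit
        *) return 1 ;;
    esac
    case "$1" in
        ??????[xs]*|?????????[xt]*) return 0 ;;   # group x or other x
    esac
    return 1
}

# audit_listing: read ls -l lines on stdin; for each flagged path print a
# sudoers line that grants only that command to the proposed group "power".
audit_listing() {
    while read -r line; do
        [ -n "$line" ] || continue
        set -- $line                     # $1 = mode, $3 = owner
        path=${line##* }
        if is_setuid_root_exec "$1" "$3"; then
            printf '%s: setuid root, executable by group/other\n' "$path"
            printf '  sudoers alternative: %%power ALL=(root) NOPASSWD: %s\n' "$path"
        fi
    done
}

# flagged_count: number of flagged entries in the listing on stdin.
flagged_count() {
    n=0
    while read -r line; do
        [ -n "$line" ] || continue
        set -- $line
        is_setuid_root_exec "$1" "$3" && n=$((n + 1))
    done
    echo "$n"
}

# Constructed listing modelled on the modes in the proposal (not real output).
SAMPLE_LISTING='-rwsr-xr-- 1 root power 6876 Jan 12 1999 /sbin/halt
-rwsr-xr-- 1 root power 13492 Jan 12 1999 /sbin/shutdown
-rwxr-xr-x 1 root root 45000 Jan 12 1999 /bin/ls
-rws------ 1 root root 20000 Jan 12 1999 /sbin/onlyroot'

printf '%s\n' "$SAMPLE_LISTING" | audit_listing
```

On a real system the same functions can be fed `ls -l /sbin/halt /sbin/shutdown`; a sudoers line with a fixed argument, such as `/sbin/shutdown -h now`, restricts the grant further than the bare command shown here.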

