on 8/7/00 10:10 PM, Brian T. Schellenberger wrote:
>
> Does the lack of response mean that I won at "stump the band" here?
hi,
try adding a user (shutdownguy) to /etc/shutdown.allow and always have that
user logged in.
Gavin
here's what man shutdown says:
ACCESS CONTROL
shutdown can be called from init(8) when the magic keys
CTRL-ALT-DEL are pressed, by creating an appropriate entry
in /etc/inittab. This means that everyone who has physical
access to the console keyboard can shut the system down.
To prevent this, shutdown can check to see if an autho�
rized user is logged in on one of the virtual consoles. If
shutdown is called with the -a argument (add this to the
invocation of shutdown in /etc/inittab), it checks to see
if the file /etc/shutdown.allow is present. It then com�
pares the login names in that file with the list of people
that are logged in on a virtual console (from
/var/run/utmp). Only if one of those authorized users or
root is logged in, it will proceed. Otherwise it will
write the message
shutdown: no authorized users logged in
to the (physical) system console. The format of /etc/shut�
down.allow is one user name per line. Empty lines and com�
ment lines (prefixed by a #) are allowed. Currently there
is a limit of 32 users in this file.
> "Brian T. Schellenberger" wrote:
>>
>> On my gateway/firewall machine, I get the message "no authorized users
>> logged in" when I try to reboot, unless root is logged in.
>>
>> I'd like for CTL+ALT+DEL to reboot it even if *nobody* is logged in.
>>
>> To make a a short story long . . .
>>
>> I'm sure that the problem is that the security level is set to high;
>> that's because it's a firewall machine, and I want high security w/r/t
>> the outside world, but I want "running with scissors" security w/r/t to
>> the physical world.
>>
>> (In fact, as a reflection of this, I have a *very* secure
>> password--randomly generated from a maximal character set--but I have
>> the password taped onto the front of the box. If a bad guy is already
>> standing in front of my firewall, I've got much bigger problems than the
>> security of my *computer* system.)
>>
>> The keyword is physically inaccessible (difficult to get to, that is),
>> so logging in as root just to reboot is a real pain. Frequently I wind
>> up just hitting the power switch, but this is obviously a less than
>> ideal way to reboot on a regular basis.
>>
>> So . . .
>>
>> What controls this? How can I change it?
