On Fri, Sep 07, 2007 at 06:43:33AM +0000, [EMAIL PROTECTED] wrote:
> Tamouh wrote:
> >> Robin Becker wrote:
> >> > My collocation supplier is about to move our FreeBSD box and wants
> >> > some way to shut it down cleanly. Is there a simple way to allow a
> >> > non-root user to have shutdown rights without just giving them the
> >> > world. At present I don't even allow login via ssh on that
> >> box ie it's
> >> > purely key based.
> >> What I would do is develop a script (owned by root )
> >> and callable by everybody which then checks the user-id of
> >> its caller, and if it is an acceptable one, the script will
> >> issue a warning (to wall) and then shutdown the system.
> > why not ask them to do CTRL+ALT+DEL which will reboot the server cleanly
> > and once it hit
> > does the intial reset, turn it off.
> Yes, CTRL+ALT+DEL will reboot the server cleanly,
> but it does not shutdown the previous session nicely, it shuts it
> down catastrophically, and it can be done by anyone with access
> to the system keyboard. Robin asked for a way to allow one specific
> non-root user to be able to shutdown the system.
Actually it will do a clean shutdown if your hardware supports it.
But, assuming this not available, then check our 'sudo'.
It is in the ports. With it you can create a command that can
only be run by one id. You do not have to give that id root
priviledge or the ability to run any other command. In fact,
by manipulating the user's shell, you can create a login account
that can only run that command and then go away/logout. The sudo
utility starts up when the command you created is executed. It
checks the user id it is running under and if you want, it can ask
for further authentication. If the command that the user is
attempting to run is acceptable, then it will execute that command
for the user. In the sudo configuration file you can create a
list of system commands a particular id is allowed to run.
But watch and see if your CTRL-ALT-DEL causes a regular shutdown
or crashes it down.
> firstname.lastname@example.org mailing list
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
email@example.com mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"