An idea which comes to mind based on some of the ones already put out: Create a less-privileged account called "reboot" (or whatever) and setup a sudo allowing that ID to run the shutdown. Setup a call that will kick off that sudo as your default shell. Then, put a call to that same sudo as the first command in their profiles for each shell you have installed to ensure if anyone logs in to that account and overrides the default call it will immediately run the shutdown anyway.
There are probably weaknesses to this as well (nothing is 100%), so please add on if you think of anything. -Lawrence -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Garman Sent: Wednesday, October 13, 2004 2:33 PM To: GNHLUG Subject: Re: Unprivileged user shutdown On Wed, 2004-10-13 at 14:11, Michael ODonnell wrote: > > useradd -c "execute reboot" > [...] > > -u 0 > > poweroff > > > There aren't any security problems here? It seems like there could > > be potential issues with having a "second root" account where the > > password was known. I'm not sure where exactly the problem would > > come from, but it just seems like there could be potential issues. > > > You're concerned that somebody might be able to use > the "poweroff" user's credentials to gain other root privileges? I've > not heard of a scenario where this would be a problem. The man page for su shows an option for changing the default shell that is run, "-s". I assume the risk here would be if one of these users were to run "su <shutdownacct> -s /bin/bash" and use the shutdown account's password to obtain an unrestricted root shell. I've never tried this so I'm not sure if that would work. Perhaps a better solution would be to set up a normal user account (ie, not uid=0) and give this user sudo access to run shutdown? Scott _______________________________________________ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
