I give shutdown setuid permission, but deny others execute, like so:
chmod o-x /sbin/shutdown
chmod u+s /sbin/shutdown
now only root and users in the group that owns shutdown can run it, but
the command itself has root privilege, so it can shut down the system on
behalf of a non-root user. This is not quite as gaping a security hole
as allowing anybody to shut down the system, but you want to be careful
who is in the group that owns shutdown.
You can change the group with chgrp or chown, but if you do it will turn
off the setuid permission and you will need to set it again for the new
group.
Also, I am lazy, so I have in /etc/profile (/etc/bashrc for RedHat)
alias bye="/sbin/shutdown -h now"
I have shut down the system once when I didn't mean to by having that
alias. I don't reckon that's too bad. :-)
Lawson
>< Microsoft free environment
This mail client runs on Wine. Your mileage may vary.
On Sun, 13 Jun 1999, Paul Clyne wrote:
>
> I'm sure someone out there can help me... (and I also sure this has
been
> asked before, so appoligies in advance).
>
> On my home system there are three accounts (root, paul, and dani {my
wife})
> how can I allow the non-root accounts acess to the shutdown command ?.
>
> When my wife is using the computer and wants to shut it down she has to
su and
> then issue the command. There must be an easier way. I have been
looking at
> the root/wheel/system enteries in the etc/groups file but I don't want
to
> assign more rights than I have to to the non-root users. None of the
> doucumentation I have found so far makes it clear. I tried adding the
names
> to 'wheel' but when the command is issued I get back the command "must
be
> root...." and like I said before, I don't want to 'issue' root access
to
> everyone..
>
> I suspect there is a read-me that tells me all about it, so can
somebody help
> me out.
>
> Thanks
>
> ---------------------------------------------------------------------
> Paul Clyne aka: PAC / PACMAN
>
> at work - [EMAIL PROTECTED]
> at play - [EMAIL PROTECTED]
>
> The future is in our hands. Which way to the future ?
> ----------------------------------------------------------------------
>
___________________________________________________________________
Get the Internet just the way you want it.
Free software, free e-mail, and free Internet access for a month!
Try Juno Web: http://dl.www.juno.com/dynoget/tagj.
