On Sun, 19 Mar 2000, Philip S Tellis wrote:
<snip>
>
>That's not logical. If all I needed was my own password, then I could
>telnet into any machine and shut it down. It's got to be the root
>password.
>
>Problem is, nothing works. I could enter any password, only root's would
>be accepted, but the machine will never shutdown unless I directly execute
>/sbin/shutdown (normal non-root users would execute /usr/bin/shutdown
>which is a link to console-helper which in turn executes userhelper which
>is something that uses PAM to execute root permission programs in
>unpriviledged mode.)
>
>In any case, I do not consider it safe to suid root to shutdown my
>machine. I do not consider it safe to suid root for anything. It's just
>a habit I wish to cultivate.
>
>I should be able to execute all root privilidged programs as a user on
>supplying the correct password.
>
>Why can't it just be as simple as:
>su -c shutdown - root
>
>That would ask me for the password and shutdown. Except that my PATH
>would still be used, so /usr/bin/ would be in the path and not /sbin
>
>Philip
Does consolehelper have permission to execute shutdown? consolehelper is suid
root, but I presume that it will look only in the current path for the
executable, and not outside it. (su does not change your current path).
If you want to shutdown the physical console (as different from terminal), then
you need to be root. Else, the user should be able to shutdown. (I have no
network experience, but this may be a possibility).
Devdas Bhagat
To subscribe / unsubscribe goto the site www.ilug-bom.org ., click on the mailing list
button and fill the appropriate information
and submit. For any other queries contact the ML maintener
