shutdown -a only checks to see if an authorized user is logged in. It
doesn't check to make sure that the user who hit ctrl+alt+del IS that
authorized user. This would work fine for a machine where only one
person was logged in, but how would it react to say, root being logged
in remotely.
Matt Stegman wrote:
>
> Personally, I liked the idea about parsing /etc/shutdown.allow for the
> user. GAWK is one way to do that, grep is another. I think a better way
> would be to use shutdown with -a. How about this instead:
>
> #!/bin/sh
> # Shoutdown computer if user is allowed, logout if not.
>
> shutdown -ah now || logout
>
> Pretty small, but I think it does the same thing, and just lets "shutdown"
> handle checking the username.
>
> -Matt
