Re: [gentoo-user] How to poweroff the system from user?
"Walter Dnes" writes: > On Sun, Mar 29, 2015 at 12:43:12PM +0200, lee wrote > >> That leaves the question why a user who isn't even logged in should >> be able to reboot, which IIRC they can by default with Ctrl+Alt+Del. >> Such users shouldn't be allowed to do anything but to log in. > > As the old saying goes... "If you don't have physical security, you > don't have any security". A malicious person at the physical keyboard > of the machine could just as easily yank the power cord of out of the > wall, insert a USB key into the machine, plug the machine back in, boot > up from the USB key, and copy over malicious binaries. It's not logical to provide ppl who want to copy over malicious binaries with an easy way to reboot the machine in order to do so. -- Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable.
Re: [gentoo-user] How to poweroff the system from user?
On Mon, Mar 30, 2015 at 4:09 AM, Mick wrote: > On Monday 30 Mar 2015 01:52:14 Rich Freeman wrote: >> On Sun, Mar 29, 2015 at 8:32 PM, Walter Dnes wrote: >> > Be careful what you wish for. I have my doubts that TPM chips would >> > >> > boot linux with Microsoft offering "volume discounts" to OEMS. Call me >> > cynical. >> >> TPM chips don't control what boots. They just accept the hash of the >> bootloader reported by the firmware and store it (and that is it as >> far as the OEM's contribution to the process). > > Rich, the problem with TPM as I understand it is that the private key in the > TPM chip is not yours, generated on your trusted platform, but the TPM > manufacturer's and is burned into the TPM chip at the time of production. If > the TPM OEMs are in US or within the sphere of influence of the US, then I > would consider this key as good as compromised. As far as I'm aware, using a TPM for full-disk encryption does not rely on any keys pre-installed in the TPM. Typically you install your own key or have the TPM generate one for you. All the TPM does is refuse to divulge the key unless the firmware reported that the bootloader hash matches what you told it to look out for, and the bootloader reported that the kernel hash matches what you told it to look for (and you can go beyond that, but only if you are using a distro that signs its userspace, which I believe is a direction RedHat is going). However, if the TPM or firmware has a back-door, then I'll certainly grant that the NSA can read your hard drive. They don't even need to compromise the TPM - the firmware alone is capable of compromising the trusted boot path. It just needs to tell the TPM that it booted your trusted bootloader when it really booted something else. Securing your system isn't really about keeping the NSA out. If they want in, they're probably already in. Sure, it might be hypothetically possible to keep them out, but it would take far more effort than almost anybody is going to be willing to put in. A TPM will likely do a very effective job at keeping the 99.999% of people on the Earth who aren't the NSA out, which seems to be good enough for just about every company on the planet, since most secure their laptops with TPMs. -- Rich
Re: [gentoo-user] How to poweroff the system from user?
On Monday 30 Mar 2015 01:52:14 Rich Freeman wrote: > On Sun, Mar 29, 2015 at 8:32 PM, Walter Dnes wrote: > > Be careful what you wish for. I have my doubts that TPM chips would > > > > boot linux with Microsoft offering "volume discounts" to OEMS. Call me > > cynical. > > TPM chips don't control what boots. They just accept the hash of the > bootloader reported by the firmware and store it (and that is it as > far as the OEM's contribution to the process). Rich, the problem with TPM as I understand it is that the private key in the TPM chip is not yours, generated on your trusted platform, but the TPM manufacturer's and is burned into the TPM chip at the time of production. If the TPM OEMs are in US or within the sphere of influence of the US, then I would consider this key as good as compromised. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] How to poweroff the system from user?
On Monday 30 Mar 2015 01:32:21 Walter Dnes wrote: > On Sun, Mar 29, 2015 at 03:30:07PM -0400, Rich Freeman wrote > > > With TPM, full-disk encryption, and a verified boot path, you could > > actually protect against that scenario (they'd have to tear apart the > > TPM chip and try to access the non-volatile storage directly, and the > > chips are specifically designed to defeat this). Secure boot would > > not hurt either (with your own keys). Of course, they could still try > > to hack in via USB/PCI/etc, or plant keyloggers and such. I'm not > > suggesting physical security isn't important. It just isn't a good > > reason to completely neglect console security. > > Be careful what you wish for. I have my doubts that TPM chips would > boot linux with Microsoft offering "volume discounts" to OEMS. Call me > cynical. Well, yes, post Snowden revelations we can reasonably suspect that the TPM OEMs have degraded the randomness of the chip sufficiently for spooks to be able to crack your keys. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] How to poweroff the system from user?
On Sun, Mar 29, 2015 at 8:32 PM, Walter Dnes wrote: > > Be careful what you wish for. I have my doubts that TPM chips would > boot linux with Microsoft offering "volume discounts" to OEMS. Call me > cynical. > TPM chips don't control what boots. They just accept the hash of the bootloader reported by the firmware and store it (and that is it as far as the OEM's contribution to the process). Linux supports TPM chips, as does trusted grub. I have no idea if gummiboot or any of the EFI solutions do (presumably direct to linux works) - you'd need a TPM-aware bootloader to take advantage of TPM-based full-disk encryption unless you want to be typing in a password when you boot. A TPM is still useful with password-based boots since it can enforce a maximum number of guesses before it destroys the key. However, the real magic is when you use a verified boot path so that your system just magically boots into linux if the boot path is not tampered with, and if not the hard drive is impossible to read (and you can do all this while keeping a copy of your disk key safely offline just in case). Remember, TPM isn't UEFI - it works differently and has been around in PCs a lot longer. -- Rich
Re: [gentoo-user] How to poweroff the system from user?
On Sun, Mar 29, 2015 at 03:30:07PM -0400, Rich Freeman wrote > With TPM, full-disk encryption, and a verified boot path, you could > actually protect against that scenario (they'd have to tear apart the > TPM chip and try to access the non-volatile storage directly, and the > chips are specifically designed to defeat this). Secure boot would > not hurt either (with your own keys). Of course, they could still try > to hack in via USB/PCI/etc, or plant keyloggers and such. I'm not > suggesting physical security isn't important. It just isn't a good > reason to completely neglect console security. Be careful what you wish for. I have my doubts that TPM chips would boot linux with Microsoft offering "volume discounts" to OEMS. Call me cynical. -- Walter Dnes I don't run "desktop environments"; I run useful applications
Re: [gentoo-user] How to poweroff the system from user?
On Sun, Mar 29, 2015 at 7:20 PM, Walter Dnes wrote: > On Sun, Mar 29, 2015 at 12:43:12PM +0200, lee wrote > >> That leaves the question why a user who isn't even logged in should >> be able to reboot, which IIRC they can by default with Ctrl+Alt+Del. >> Such users shouldn't be allowed to do anything but to log in. > > As the old saying goes... "If you don't have physical security, you > don't have any security". A malicious person at the physical keyboard > of the machine could just as easily yank the power cord of out of the > wall, insert a USB key into the machine, plug the machine back in, boot > up from the USB key, and copy over malicious binaries. > With TPM, full-disk encryption, and a verified boot path, you could actually protect against that scenario (they'd have to tear apart the TPM chip and try to access the non-volatile storage directly, and the chips are specifically designed to defeat this). Secure boot would not hurt either (with your own keys). Of course, they could still try to hack in via USB/PCI/etc, or plant keyloggers and such. I'm not suggesting physical security isn't important. It just isn't a good reason to completely neglect console security. -- Rich
Re: [gentoo-user] How to poweroff the system from user?
On Sun, Mar 29, 2015 at 12:43:12PM +0200, lee wrote > That leaves the question why a user who isn't even logged in should > be able to reboot, which IIRC they can by default with Ctrl+Alt+Del. > Such users shouldn't be allowed to do anything but to log in. As the old saying goes... "If you don't have physical security, you don't have any security". A malicious person at the physical keyboard of the machine could just as easily yank the power cord of out of the wall, insert a USB key into the machine, plug the machine back in, boot up from the USB key, and copy over malicious binaries. -- Walter Dnes I don't run "desktop environments"; I run useful applications
Re: [gentoo-user] How to poweroff the system from user?
On Sun, Mar 29, 2015 at 8:33 AM, Jorge Almeida wrote: > On Sun, Mar 29, 2015 at 12:55 PM, Volker Armin Hemmann > wrote: >>> and dump people keep talking nonsencely that sysvinit is enough while it >>> cannot even handle reboot for normal user. sad. >> >> it can. Did for decaded. >> >> Dumb systemd fanbois spouting their lies everywhere. Sad. >> > > "Sad" doesn't even begin to describe the behaviour of Mr. "can learn > anything I want very very fast", the famous "expert of all kinds". > What beats me is the apparent tolerance of this list towards this kind > of attitude. In case someone forgot, this microcai critter is the same > self-styled genious who made his Grand Entrance to this list on > 11/11/12 saying "byebye haters . Comunitiy doesn't need people like > you" Do we really need a 15-post flamewar about whose fans are more childish? If you have a problem with somebody, take it to comrel. If you have something useful to offer, offer it. Nothing above has added to the conversation at all. -- Rich
Re: [gentoo-user] How to poweroff the system from user?
On Sun, Mar 29, 2015 at 12:55 PM, Volker Armin Hemmann wrote: >> and dump people keep talking nonsencely that sysvinit is enough while it >> cannot even handle reboot for normal user. sad. >> >> >> > > it can. Did for decaded. > > Dumb systemd fanbois spouting their lies everywhere. Sad. > "Sad" doesn't even begin to describe the behaviour of Mr. "can learn anything I want very very fast", the famous "expert of all kinds". What beats me is the apparent tolerance of this list towards this kind of attitude. In case someone forgot, this microcai critter is the same self-styled genious who made his Grand Entrance to this list on 11/11/12 saying "byebye haters . Comunitiy doesn't need people like you" Regards, Jorge Almeida
Re: [gentoo-user] How to poweroff the system from user?
Am 26.03.2015 um 01:46 schrieb microcai: > on Saturday 21 March 2015 13:58:45,Canek Peláez Valdés wrote: >> On Sat, Mar 21, 2015 at 1:47 PM, Rich Freeman wrote: >>> On Sat, Mar 21, 2015 at 3:39 PM, German wrote: No, I am trying to shutdown from a console >>> Well, the old answer would be that you need to use sudo to run it, as >>> shutting down is a privileged operation. >>> >>> I suspect that the new answer is that with appropriate >>> policykit/consolekit/etc settings you can probably allow somebody >>> sitting at a physical console to shut down the system, or any >>> logged-in user if you prefer. However, I haven't actually set that up >>> myself. >> logind does that for you automagically™. The first seat has the rights to >> poweroff or reboot the machine, and it can differentiate between local and >> remote logins. You can check if your user session has the permissions to >> poweroff/reboot via dbus: >> >> $ gdbus call --system --dest org.freedesktop.login1 --object-path >> /org/freedesktop/login1 --method org.freedesktop.login1.Manager.CanPowerOff >> ('yes',) >> >> $ gdbus call --system --dest org.freedesktop.login1 --object-path >> /org/freedesktop/login1 --method org.freedesktop.login1.Manager.CanReboot >> ('yes',) >> >> But you need systemd to use logind1. There has been some attempts to >> reimplement logind outside systemd, but I'm not sure how advanced they are. >> >> This kind of problems were one of the reasons for creating logind. >> > and dump people keep talking nonsencely that sysvinit is enough while it > cannot even handle reboot for normal user. sad. > > > it can. Did for decaded. Dumb systemd fanbois spouting their lies everywhere. Sad.
Re: [gentoo-user] How to poweroff the system from user?
Peter Humphrey writes: > The remaining question is: why is the user not allowed to halt it? It's because a user who wants to somewhat permanently disrupt the services the machine provides would need to remain at the keyboard to continue to reboot it and thus can be caught more easily than a user who shuts the machine down and then escapes. This is assuming that a user who does such things isn't smart enough to enter the BIOS setup before they escape, which characterizes users doing such things. That leaves the question why a user who isn't even logged in should be able to reboot, which IIRC they can by default with Ctrl+Alt+Del. Such users shouldn't be allowed to do anything but to log in. -- Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable.
Re: [gentoo-user] How to poweroff the system from user?
On Wed, Mar 25, 2015 at 8:53 PM, microcai wrote: > on Sunday 22 March 2015 02:32:00,German wrote: >> >> /sbin/poweroff says "Must be a superuser" :( > > then it's high time for you to trash away sysvint and openrc, and try > systemd!!! I doubt that Fedora developers and users would be happy to know that you're trolling with a Fedora email address. Anyway, logind+polkit are the reason that systemd allows a user at the console to shutdown a system. Run "pkaction --verbose --action-id org.freedesktop.login1.power-off" to see why. The same can be set up with consolekit+polkit when booting with sysv+openrc.
Re: [gentoo-user] How to poweroff the system from user?
German wrote: > If I run poweroff from root, the system shuts down, however when I > run poweroff from user -- command not found. How to shut down the > system from user? Thanks I modified a line in /etc/inittab so that I can shutdown my system as user with Ctrl+Alt+Del: # What to do at the "Three Finger Salute". ca:12345:ctrlaltdel:/sbin/shutdown -h now It works even without systemd. ;-) -- Regards wabe
Re: [gentoo-user] How to poweroff the system from user?
on Sunday 22 March 2015 02:32:00,German wrote: > On Sat, 21 Mar 2015 18:51:58 -0400 > > Fernando Rodriguez wrote: > > On Saturday, March 21, 2015 4:58:42 PM German wrote: > > > On Sat, 21 Mar 2015 16:32:25 -0400 > > > > > > Philip Webb wrote: > > > > 150321 German wrote: > > > > > If I run poweroff from root, the system shuts down. > > > > > When I run poweroff from user -- command not found. > > > > > How to shut down the system from user ? > > > > > > > > I'ld say "Don't" : it's contrary to the principles of Unix, > > > > which separate the roles of sysadmin (root) from those of ordinary > > > > users. > > > > > > > > To shut down, I first exit Fluxbox via its menu, > > > > then 'su' + root password, then alias 'down' = 'shutdown -h now'. > > > > That observes the proper roles + ceremonies (smile). > > > > > > Interesting. But as I said ealier, I can reboot the system when I am a > > > user > > > > by Ctrl+Alt+Delete. The user can reboot the system, but can't shut down? > > Strange > > > > > > Either /sbin/poweroff or /usr/sbin/poweroff will do it from a local > > session (if there's no other users logged in locally). > > /sbin/poweroff says "Must be a superuser" :( then it's high time for you to trash away sysvint and openrc, and try systemd!!! > > Like I said, /sbin is only on the search path for root by default on > > gentoo.
Re: [gentoo-user] How to poweroff the system from user?
on Saturday 21 March 2015 13:58:45,Canek Peláez Valdés wrote: > On Sat, Mar 21, 2015 at 1:47 PM, Rich Freeman wrote: > > On Sat, Mar 21, 2015 at 3:39 PM, German wrote: > > > No, I am trying to shutdown from a console > > > > Well, the old answer would be that you need to use sudo to run it, as > > shutting down is a privileged operation. > > > > I suspect that the new answer is that with appropriate > > policykit/consolekit/etc settings you can probably allow somebody > > sitting at a physical console to shut down the system, or any > > logged-in user if you prefer. However, I haven't actually set that up > > myself. > > logind does that for you automagically™. The first seat has the rights to > poweroff or reboot the machine, and it can differentiate between local and > remote logins. You can check if your user session has the permissions to > poweroff/reboot via dbus: > > $ gdbus call --system --dest org.freedesktop.login1 --object-path > /org/freedesktop/login1 --method org.freedesktop.login1.Manager.CanPowerOff > ('yes',) > > $ gdbus call --system --dest org.freedesktop.login1 --object-path > /org/freedesktop/login1 --method org.freedesktop.login1.Manager.CanReboot > ('yes',) > > But you need systemd to use logind1. There has been some attempts to > reimplement logind outside systemd, but I'm not sure how advanced they are. > > This kind of problems were one of the reasons for creating logind. > and dump people keep talking nonsencely that sysvinit is enough while it cannot even handle reboot for normal user. sad. > Regards. > -- > Canek Peláez Valdés > Profesor de asignatura, Facultad de Ciencias > Universidad Nacional Autónoma de México
Re: [gentoo-user] How to poweroff the system from user?
On 23 March 2015 at 10:46, Peter Humphrey wrote: > On Sunday 22 March 2015 14:36:36 Jc García wrote: > > 2015-03-22 4:30 GMT-06:00 Peter Humphrey : > > > On Saturday 21 March 2015 16:20:17 Jc García wrote: > > >> > Interesting. But as I said ealier, I can reboot the system when I am > > >> > a > > >> > user by Ctrl+Alt+Delete. The user can reboot the system, but can't > > >> > shut > > >> > down? Strange > > >> > > >> It's not strange, `man 2 reboot`. It's a defined behavior. > > > > > > I'm with German here. Being designed that way doesn't stop it being > > > strange. > > I see it as a last resource available for rebooting under any > > circumstances( Similar to what you can do with Sysrq). > > > > > Consider: I'm an ordinary user sitting at a terminal. I'm not allowed > to > > > halt the machine, but I am allowed to reboot it into perhaps some quite > > > other configuration. Or I can keep rebooting it over and again, > > > effectively preventing the machine from doing its job. How does that > > > make sense? > > It doesn't and that's why it's configurable, if you are in a high > > security requiring environment, you disable it. > > The consensus seems to be that there's no point in trying to prevent a user > from rebooting the machine, and I'm happy to go along with that. > > The remaining question is: why is the user not allowed to halt it? > > -- > Rgds > Peter. > > > Maybe some people here missed my post. You CAN allow the user to halt: just substitute ca:12345:ctrlaltdel:/sbin/shutdown -r now with ca:12345:ctrlaltdel:/sbin/shutdown -P now in /etc/inittab and Ctrl-Alt-Del will shutdown instead of reboot. In fact, Ctrl-Alt-Del can be set up to do whatever you want and will have root privileges. If this is a security hole for your use case, you can comment it or set it to ca:12345:ctrlaltdel: /bin/echo 'Hey, don't touch me there!' , or you can disable it entirely in the kernel. -- Emanuele
Re: [gentoo-user] How to poweroff the system from user?
On Mon, Mar 23, 2015 at 5:46 AM, Peter Humphrey wrote: > > The remaining question is: why is the user not allowed to halt it? > Keep in mind there are many ways that a unix-like OS can be used. It could be running on a laptop, or it could be running on a multi-user system where 50 people are logged in at any given time. In the former case you want a desktop-like experience where the user can just hit the shutdown button, and in the latter case you don't want users powering off the server which might be 4 states away. The old solution to this was just having the system owner run sudo poweroff. Then desktop environments came up with a way to allow a logged in user to send a command back to the display manager (which runs as root) to tell it to shut down the system, and made whether that is allowed configurable. The most recent evolution of this is consolekit/logind, which distinguishes users logged in at the system console from those logged in remotely and grants the authority to shutdown the system if you're local. This approach also does things like assign permissions to audio devices as well, so that only the person sitting at the console can spy on the console using the microphone and you don't need to control this manually using an audio group. The other trend is for unprivileged processes access privileged functions via dbus, controlled by polkit. This allows granular control over what users/groups/etc can run what functions, potentially based on whether they're at a local console or not. You can even control that particular functions require a root password or for the user to re-enter their password. This puts all the policy rules in /etc and reduces the amount of per-application configuration. It is a bit like sudoers, but with more fine-grained control and without getting into hard-coding command lines (which can be a bit clumsy). The traditional downside to this approach has been the need to run dbus, but this is moving into the kernel and the intent is to encourage processes to utilize it as the main IPC mechanism. The end goal is to try to get reasonable default behavior without requiring either desktop or server administrators to have to do much, or to have to designate a distro as being primarily desktop vs server in nature. On a server nobody is logged in via the console, so you get restricted privileges by default. On a desktop the main user is logged in via the console and can use their webcam+mic, but others who might be allowed to login cannot remotely connect over the network and spy on the same. However, all of this is configurable - you can stick rules in /etc which change these behaviors. -- Rich
回复:Re: [gentoo-user] How to poweroff the system from user?
just security problem. server should not be that easy to be interrupted! 在2015年03月23日 17:46,Peter Humphrey 写道: On Sunday 22 March 2015 14:36:36 Jc García wrote: > 2015-03-22 4:30 GMT-06:00 Peter Humphrey : > > On Saturday 21 March 2015 16:20:17 Jc García wrote: > >> > Interesting. But as I said ealier, I can reboot the system when I am > >> > a > >> > user by Ctrl+Alt+Delete. The user can reboot the system, but can't > >> > shut > >> > down? Strange > >> > >> It's not strange, `man 2 reboot`. It's a defined behavior. > > > > I'm with German here. Being designed that way doesn't stop it being > > strange. > I see it as a last resource available for rebooting under any > circumstances( Similar to what you can do with Sysrq). > > > Consider: I'm an ordinary user sitting at a terminal. I'm not allowed to > > halt the machine, but I am allowed to reboot it into perhaps some quite > > other configuration. Or I can keep rebooting it over and again, > > effectively preventing the machine from doing its job. How does that > > make sense? > It doesn't and that's why it's configurable, if you are in a high > security requiring environment, you disable it. The consensus seems to be that there's no point in trying to prevent a user from rebooting the machine, and I'm happy to go along with that. The remaining question is: why is the user not allowed to halt it? -- Rgds Peter.
Re: [gentoo-user] How to poweroff the system from user?
On Sunday 22 March 2015 14:36:36 Jc García wrote: > 2015-03-22 4:30 GMT-06:00 Peter Humphrey : > > On Saturday 21 March 2015 16:20:17 Jc García wrote: > >> > Interesting. But as I said ealier, I can reboot the system when I am > >> > a > >> > user by Ctrl+Alt+Delete. The user can reboot the system, but can't > >> > shut > >> > down? Strange > >> > >> It's not strange, `man 2 reboot`. It's a defined behavior. > > > > I'm with German here. Being designed that way doesn't stop it being > > strange. > I see it as a last resource available for rebooting under any > circumstances( Similar to what you can do with Sysrq). > > > Consider: I'm an ordinary user sitting at a terminal. I'm not allowed to > > halt the machine, but I am allowed to reboot it into perhaps some quite > > other configuration. Or I can keep rebooting it over and again, > > effectively preventing the machine from doing its job. How does that > > make sense? > It doesn't and that's why it's configurable, if you are in a high > security requiring environment, you disable it. The consensus seems to be that there's no point in trying to prevent a user from rebooting the machine, and I'm happy to go along with that. The remaining question is: why is the user not allowed to halt it? -- Rgds Peter.
Re: [gentoo-user] How to poweroff the system from user?
On Sun, Mar 22, 2015 at 03:30:49AM -0400, German wrote > Thanks, I decide to go with sudo on this one. However when I try > to run it, it says: "Username is not in the sudoers file." Where is > this file located and how can I add the user to it? Thanks Here's how it works. "emerge -pv sudo" and decide whic USE flags you need for your situation. I use none of them. The main config file is /etc/sudoers *DO NOT TOUCH THAT FILE*. It'll get overwritten every time that an update of sudo comes along. sudo also reads files in its "include directory", which defaults to /etc/sudoers.d/ which is where you should put your stuff. You can have multiple files in there, and they will be executed in the same order that they sort. *DO NOT EDIT THESE FILES DIRECTLY WITH NANO/VIM/WHATEVER*. Use the command... visudo -f /etc/sudoers.d/filename where "filename" is any legal file name. visudo is a sudo feature that * gets your default editor * edits a *WORKING COPY* of the file you want to change * after you exit the editor, it tests the file syntax * if no sudo syntax errors are found it commits the file * if syntax errors are found, it warns you, and allows you to back out I have a single file /etc/sudoers.d/001 but you can have several files if you want. The desktop's hostname is "d531" and my login is "waltdnes". Adjust correspondingly for your system... waltdnes d531 = (root) NOPASSWD: /sbin/poweroff waltdnes d531 = (root) NOPASSWD: /usr/sbin/hibernate waltdnes d531 = (root) NOPASSWD: /usr/bin/simple-mtpfs -o allow_other /home/waltdnes/tablet waltdnes d531 = (root) NOPASSWD: /usr/bin/fusermount -u /home/waltdnes/tablet waltdnes d531 = (root) NOPASSWD: /bin/cp -f /etc/ssmtp/295.ssmtp.conf /etc/ssmtp/ssmtp.conf waltdnes d531 = (root) NOPASSWD: /bin/cp -f /etc/ssmtp/teksavvy.ssmtp.conf /etc/ssmtp/ssmtp.conf waltdnes d531 = (root) NOPASSWD: /usr/bin/openrdate -n -s ca.pool.ntp.org waltdnes d531 = (root) NOPASSWD: /sbin/hwclock --systohc This format allows the user to run the command, if preceeded by "sudo", and no password is required. Note that the command must be identical to what is set in /etc/sudoers.d/ e.g. sudo /sbin/poweroff I usually launch it from a script in ~/bin to same a lot of typing, and avoid typo errors. For instance, to connect my tablet or smartphone to directory ~/tablet, I have a script ~/bin/tabon #!/bin/bash sudo simple-mtpfs -o allow_other /home/waltdnes/tablet To disconnect from the device I have a script ~/bin/taboff #!/bin/bash sudo fusermount -u /home/waltdnes/tablet To sync my desktop's clock, I have a script ~/bin/settime #!/bin/bash date /usr/bin/sudo /usr/bin/openrdate -n -s ca.pool.ntp.org /usr/bin/sudo /sbin/hwclock --systohc date I have a dialup ISP (295.ca) as emergency backup in case my broadband ISP (teksavvy.com) service goes down. ISP's only let logged in users connect to the standard outbound port. So I need to change the /etc/ssmtp/ssmtp.conf file to point to the approprite ISP's server. My dialup script is... #!/bin/bash sudo /bin/cp -f /etc/ssmtp/295.ssmtp.conf /etc/ssmtp/ssmtp.conf sudo /usr/sbin/pon u295.ca My "dialdown" script is... #!/bin/bash /usr/bin/sudo /usr/sbin/poff /usr/bin/sudo /bin/cp -f /etc/ssmtp/teksavvy.ssmtp.conf /etc/ssmtp/ssmtp.conf -- Walter Dnes I don't run "desktop environments"; I run useful applications
Re: [gentoo-user] How to poweroff the system from user?
2015-03-22 4:30 GMT-06:00 Peter Humphrey : > On Saturday 21 March 2015 16:20:17 Jc García wrote: >> > Interesting. But as I said ealier, I can reboot the system when I am a >> > user by Ctrl+Alt+Delete. The user can reboot the system, but can't shut >> > down? Strange >> It's not strange, `man 2 reboot`. It's a defined behavior. > > I'm with German here. Being designed that way doesn't stop it being strange. > I see it as a last resource available for rebooting under any circumstances( Similar to what you can do with Sysrq). > Consider: I'm an ordinary user sitting at a terminal. I'm not allowed to > halt the machine, but I am allowed to reboot it into perhaps some quite > other configuration. Or I can keep rebooting it over and again, effectively > preventing the machine from doing its job. How does that make sense? > It doesn't and that's why it's configurable, if you are in a high security requiring environment, you disable it.
Re: [gentoo-user] How to poweroff the system from user?
On Saturday 21 March 2015 16:20:17 Jc García wrote: > > Interesting. But as I said ealier, I can reboot the system when I am a > > user by Ctrl+Alt+Delete. The user can reboot the system, but can't shut > > down? Strange > It's not strange, `man 2 reboot`. It's a defined behavior. I'm with German here. Being designed that way doesn't stop it being strange. Consider: I'm an ordinary user sitting at a terminal. I'm not allowed to halt the machine, but I am allowed to reboot it into perhaps some quite other configuration. Or I can keep rebooting it over and again, effectively preventing the machine from doing its job. How does that make sense? -- Rgds Peter.
Re: [gentoo-user] How to poweroff the system from user?
On Sun, 22 Mar 2015 03:47:13 -0400 Fernando Rodriguez wrote: > On Sunday, March 22, 2015 3:30:49 AM German wrote: > > On Sun, 22 Mar 2015 03:19:50 -0400 > > Fernando Rodriguez wrote: > > > > > On Sunday, March 22, 2015 3:06:59 AM German wrote: > > > > On Sun, 22 Mar 2015 08:49:54 +0200 > > > > Matti Nykyri wrote: > > > > > > > > > > On Mar 22, 2015, at 8:32, German wrote: > > > > > > > > > > > > > > > > > > /sbin/poweroff says "Must be a superuser" :( > > > > > > > > > > Did you read any of the previous messages? They told you that you > > > > > have > to > > > have consolekit and polkit installed and configured for this to work! > > > > > > > > Yes, I've read them. However no one explianed how this has to be > > > accomplished with polkit and consolekit. > > > > > > You don't need those. It sounds like you somehow got both sysvinit and > systemd > > > installed. The message you're getting is from sysvinit. poweroff should > > > be > a > > > symlink to systemctl. Try: > > > > > > systemctl poweroff > > > > > > You may need to unmerge sysvinit and anything else related to openrc and > then > > > re-emerge systemd. With systemd it should either shutdown or ask you for > the > > > root password (if you're not logged in locally or there's other users > logged > > > > Thanks, I decide to go with sudo on this one. However when I try to run it, > it says: > > "Username is not in the sudoers file." Where is this file located and how > > can > I add the user to it? Thanks > > > > > in). > > Actually you never said anything about systemd so it's my bad. > They where talking about logind and I got it messed up with another thread > about systemd. > No problem. I guess that's what happening when you try to help everyone. > -- > Fernando Rodriguez > --
Re: [gentoo-user] How to poweroff the system from user?
On Sun, 22 Mar 2015 09:35:46 +0200 Matti Nykyri wrote: > > On Mar 22, 2015, at 9:31, Fernando Rodriguez > > wrote: > > > >> On Sunday, March 22, 2015 3:06:59 AM German wrote: > >> On Sun, 22 Mar 2015 08:49:54 +0200 > >> Matti Nykyri wrote: > >> > On Mar 22, 2015, at 8:32, German wrote: > > > /sbin/poweroff says "Must be a superuser" :( > >>> > >>> Did you read any of the previous messages? They told you that you have to > > have consolekit and polkit installed and configured for this to work! > >> > >> Yes, I've read them. However no one explianed how this has to be > > accomplished with polkit and consolekit. > > > > Actually systemd's poweroff should be on /usr/bin or /bin but if you got it > > there you shouldn't have got the command not found error so something is > > messed up with your system. Post the output to the folling > > > > ls -l /usr/bin/poweroff > > ls -l /bin/poweroff > > ls -l /sbin/poweroff > > ls -l /usr/sbin/poweroff > > > > Only one of them should list something and it should be a symlink to > > systemctl. > > From previous messages by the OP I recall that he is using OpenRC. Yes, as from fresh gentoo install. > > -- > -Matti --
Re: [gentoo-user] How to poweroff the system from user?
On Sunday, March 22, 2015 9:35:46 AM Matti Nykyri wrote: > > On Mar 22, 2015, at 9:31, Fernando Rodriguez wrote: > > > >> On Sunday, March 22, 2015 3:06:59 AM German wrote: > >> On Sun, 22 Mar 2015 08:49:54 +0200 > >> Matti Nykyri wrote: > >> > On Mar 22, 2015, at 8:32, German wrote: > > > /sbin/poweroff says "Must be a superuser" :( > >>> > >>> Did you read any of the previous messages? They told you that you have to > > have consolekit and polkit installed and configured for this to work! > >> > >> Yes, I've read them. However no one explianed how this has to be > > accomplished with polkit and consolekit. > > > > Actually systemd's poweroff should be on /usr/bin or /bin but if you got it > > there you shouldn't have got the command not found error so something is > > messed up with your system. Post the output to the folling > > > > ls -l /usr/bin/poweroff > > ls -l /bin/poweroff > > ls -l /sbin/poweroff > > ls -l /usr/sbin/poweroff > > > > Only one of them should list something and it should be a symlink to > > systemctl. > > From previous messages by the OP I recall that he is using OpenRC. Yea, I'm fucking up. I read the systemd before this one and got them mixed up...sorry -- Fernando Rodriguez
Re: [gentoo-user] How to poweroff the system from user?
On Sun, 22 Mar 2015 03:35:49 -0400 Fernando Rodriguez wrote: > On Sunday, March 22, 2015 3:30:49 AM German wrote: > > On Sun, 22 Mar 2015 03:19:50 -0400 > > Fernando Rodriguez wrote: > > > > > On Sunday, March 22, 2015 3:06:59 AM German wrote: > > > > On Sun, 22 Mar 2015 08:49:54 +0200 > > > > Matti Nykyri wrote: > > > > > > > > > > On Mar 22, 2015, at 8:32, German wrote: > > > > > > > > > > > > > > > > > > /sbin/poweroff says "Must be a superuser" :( > > > > > > > > > > Did you read any of the previous messages? They told you that you > > > > > have > to > > > have consolekit and polkit installed and configured for this to work! > > > > > > > > Yes, I've read them. However no one explianed how this has to be > > > accomplished with polkit and consolekit. > > > > > > You don't need those. It sounds like you somehow got both sysvinit and > systemd > > > installed. The message you're getting is from sysvinit. poweroff should > > > be > a > > > symlink to systemctl. Try: > > > > > > systemctl poweroff > > > > > > You may need to unmerge sysvinit and anything else related to openrc and > then > > > re-emerge systemd. With systemd it should either shutdown or ask you for > the > > > root password (if you're not logged in locally or there's other users > logged > > > > Thanks, I decide to go with sudo on this one. However when I try to run it, > it says: > > "Username is not in the sudoers file." Where is this file located and how > > can > I add the user to it? Thanks > > > > > in). > > > > > > > > > > > See man sudo. It is huge and my head is spinning. A simple search on the web showed that I had just to add one line to "sudoers" file. Now I am able to poweroff with sudo. But the advice you're getting is for openrc (it will work until > something else breaks), you need to remove all openrc components and install > systemd properly. Why is openRC is installed at all if I need to remove it? > -- > Fernando Rodriguez > --
Re: [gentoo-user] How to poweroff the system from user?
On Sunday, March 22, 2015 3:30:49 AM German wrote: > On Sun, 22 Mar 2015 03:19:50 -0400 > Fernando Rodriguez wrote: > > > On Sunday, March 22, 2015 3:06:59 AM German wrote: > > > On Sun, 22 Mar 2015 08:49:54 +0200 > > > Matti Nykyri wrote: > > > > > > > > On Mar 22, 2015, at 8:32, German wrote: > > > > > > > > > > > > > > > /sbin/poweroff says "Must be a superuser" :( > > > > > > > > Did you read any of the previous messages? They told you that you have to > > have consolekit and polkit installed and configured for this to work! > > > > > > Yes, I've read them. However no one explianed how this has to be > > accomplished with polkit and consolekit. > > > > You don't need those. It sounds like you somehow got both sysvinit and systemd > > installed. The message you're getting is from sysvinit. poweroff should be a > > symlink to systemctl. Try: > > > > systemctl poweroff > > > > You may need to unmerge sysvinit and anything else related to openrc and then > > re-emerge systemd. With systemd it should either shutdown or ask you for the > > root password (if you're not logged in locally or there's other users logged > > Thanks, I decide to go with sudo on this one. However when I try to run it, it says: > "Username is not in the sudoers file." Where is this file located and how can I add the user to it? Thanks > > > in). Actually you never said anything about systemd so it's my bad. They where talking about logind and I got it messed up with another thread about systemd. -- Fernando Rodriguez
Re: [gentoo-user] How to poweroff the system from user?
> On Mar 22, 2015, at 9:31, Fernando Rodriguez > wrote: > >> On Sunday, March 22, 2015 3:06:59 AM German wrote: >> On Sun, 22 Mar 2015 08:49:54 +0200 >> Matti Nykyri wrote: >> On Mar 22, 2015, at 8:32, German wrote: /sbin/poweroff says "Must be a superuser" :( >>> >>> Did you read any of the previous messages? They told you that you have to > have consolekit and polkit installed and configured for this to work! >> >> Yes, I've read them. However no one explianed how this has to be > accomplished with polkit and consolekit. > > Actually systemd's poweroff should be on /usr/bin or /bin but if you got it > there you shouldn't have got the command not found error so something is > messed up with your system. Post the output to the folling > > ls -l /usr/bin/poweroff > ls -l /bin/poweroff > ls -l /sbin/poweroff > ls -l /usr/sbin/poweroff > > Only one of them should list something and it should be a symlink to > systemctl. From previous messages by the OP I recall that he is using OpenRC. -- -Matti
Re: [gentoo-user] How to poweroff the system from user?
On Sunday, March 22, 2015 3:30:49 AM German wrote: > On Sun, 22 Mar 2015 03:19:50 -0400 > Fernando Rodriguez wrote: > > > On Sunday, March 22, 2015 3:06:59 AM German wrote: > > > On Sun, 22 Mar 2015 08:49:54 +0200 > > > Matti Nykyri wrote: > > > > > > > > On Mar 22, 2015, at 8:32, German wrote: > > > > > > > > > > > > > > > /sbin/poweroff says "Must be a superuser" :( > > > > > > > > Did you read any of the previous messages? They told you that you have to > > have consolekit and polkit installed and configured for this to work! > > > > > > Yes, I've read them. However no one explianed how this has to be > > accomplished with polkit and consolekit. > > > > You don't need those. It sounds like you somehow got both sysvinit and systemd > > installed. The message you're getting is from sysvinit. poweroff should be a > > symlink to systemctl. Try: > > > > systemctl poweroff > > > > You may need to unmerge sysvinit and anything else related to openrc and then > > re-emerge systemd. With systemd it should either shutdown or ask you for the > > root password (if you're not logged in locally or there's other users logged > > Thanks, I decide to go with sudo on this one. However when I try to run it, it says: > "Username is not in the sudoers file." Where is this file located and how can I add the user to it? Thanks > > > in). > > > > > See man sudo. But the advice you're getting is for openrc (it will work until something else breaks), you need to remove all openrc components and install systemd properly. -- Fernando Rodriguez
Re: [gentoo-user] How to poweroff the system from user?
> On Mar 22, 2015, at 9:30, German wrote: > > On Sun, 22 Mar 2015 03:19:50 -0400 > Fernando Rodriguez wrote: > >>> On Sunday, March 22, 2015 3:06:59 AM German wrote: >>> On Sun, 22 Mar 2015 08:49:54 +0200 >>> Matti Nykyri wrote: >>> > On Mar 22, 2015, at 8:32, German wrote: > > > /sbin/poweroff says "Must be a superuser" :( Did you read any of the previous messages? They told you that you have to >> have consolekit and polkit installed and configured for this to work! >>> >>> Yes, I've read them. However no one explianed how this has to be >> accomplished with polkit and consolekit. >> >> You don't need those. It sounds like you somehow got both sysvinit and >> systemd >> installed. The message you're getting is from sysvinit. poweroff should be a >> symlink to systemctl. Try: >> >> systemctl poweroff >> >> You may need to unmerge sysvinit and anything else related to openrc and >> then >> re-emerge systemd. With systemd it should either shutdown or ask you for the >> root password (if you're not logged in locally or there's other users logged > > Thanks, I decide to go with sudo on this one. However when I try to run it, > it says: > "Username is not in the sudoers file." Where is this file located and how can > I add the user to it? Thanks man sudo And man sudoers The file is in /etc/sudoers -- -Matti
Re: [gentoo-user] How to poweroff the system from user?
On Sunday, March 22, 2015 3:06:59 AM German wrote: > On Sun, 22 Mar 2015 08:49:54 +0200 > Matti Nykyri wrote: > > > > On Mar 22, 2015, at 8:32, German wrote: > > > > > > > > > /sbin/poweroff says "Must be a superuser" :( > > > > Did you read any of the previous messages? They told you that you have to have consolekit and polkit installed and configured for this to work! > > Yes, I've read them. However no one explianed how this has to be accomplished with polkit and consolekit. Actually systemd's poweroff should be on /usr/bin or /bin but if you got it there you shouldn't have got the command not found error so something is messed up with your system. Post the output to the folling ls -l /usr/bin/poweroff ls -l /bin/poweroff ls -l /sbin/poweroff ls -l /usr/sbin/poweroff Only one of them should list something and it should be a symlink to systemctl. -- Fernando Rodriguez signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] How to poweroff the system from user?
On Sun, 22 Mar 2015 03:19:50 -0400 Fernando Rodriguez wrote: > On Sunday, March 22, 2015 3:06:59 AM German wrote: > > On Sun, 22 Mar 2015 08:49:54 +0200 > > Matti Nykyri wrote: > > > > > > On Mar 22, 2015, at 8:32, German wrote: > > > > > > > > > > > > /sbin/poweroff says "Must be a superuser" :( > > > > > > Did you read any of the previous messages? They told you that you have to > have consolekit and polkit installed and configured for this to work! > > > > Yes, I've read them. However no one explianed how this has to be > accomplished with polkit and consolekit. > > You don't need those. It sounds like you somehow got both sysvinit and > systemd > installed. The message you're getting is from sysvinit. poweroff should be a > symlink to systemctl. Try: > > systemctl poweroff > > You may need to unmerge sysvinit and anything else related to openrc and then > re-emerge systemd. With systemd it should either shutdown or ask you for the > root password (if you're not logged in locally or there's other users logged Thanks, I decide to go with sudo on this one. However when I try to run it, it says: "Username is not in the sudoers file." Where is this file located and how can I add the user to it? Thanks > in). > > -- > Fernando Rodriguez > --
Re: [gentoo-user] How to poweroff the system from user?
> On Mar 22, 2015, at 9:11, Alexander Kapshuk > wrote: > >> On Sun, Mar 22, 2015 at 9:06 AM, German wrote: >> On Sun, 22 Mar 2015 08:49:54 +0200 >> Matti Nykyri wrote: >> >> > > On Mar 22, 2015, at 8:32, German wrote: >> > > >> > > >> > > /sbin/poweroff says "Must be a superuser" :( >> > >> > Did you read any of the previous messages? They told you that you have to >> > have consolekit and polkit installed and configured for this to work! >> >> Yes, I've read them. However no one explianed how this has to be >> accomplished with polkit and consolekit. Read http://wiki.gentoo.org/wiki/Polkit and all the links and prerequisites (consolekit and dbus) and polkit man page. >> Also the use of sudo is another choice. >> >> Sudo is just a package? > > Yes, it is. > qsearch sudo|sed 1q > app-admin/sudo Allows users or groups to run commands as other users > >> > >> > If you want every user to be able to shutdown just run this command: >> > >> > chmod 6755 /sbin/poweroff -- -Matti
Re: [gentoo-user] How to poweroff the system from user?
On Sunday, March 22, 2015 3:06:59 AM German wrote: > On Sun, 22 Mar 2015 08:49:54 +0200 > Matti Nykyri wrote: > > > > On Mar 22, 2015, at 8:32, German wrote: > > > > > > > > > /sbin/poweroff says "Must be a superuser" :( > > > > Did you read any of the previous messages? They told you that you have to have consolekit and polkit installed and configured for this to work! > > Yes, I've read them. However no one explianed how this has to be accomplished with polkit and consolekit. You don't need those. It sounds like you somehow got both sysvinit and systemd installed. The message you're getting is from sysvinit. poweroff should be a symlink to systemctl. Try: systemctl poweroff You may need to unmerge sysvinit and anything else related to openrc and then re-emerge systemd. With systemd it should either shutdown or ask you for the root password (if you're not logged in locally or there's other users logged in). -- Fernando Rodriguez
Re: [gentoo-user] How to poweroff the system from user?
On Sun, Mar 22, 2015 at 9:06 AM, German wrote: > On Sun, 22 Mar 2015 08:49:54 +0200 > Matti Nykyri wrote: > > > > On Mar 22, 2015, at 8:32, German wrote: > > > > > > > > > /sbin/poweroff says "Must be a superuser" :( > > > > Did you read any of the previous messages? They told you that you have > to have consolekit and polkit installed and configured for this to work! > > Yes, I've read them. However no one explianed how this has to be > accomplished with polkit and consolekit. > > Also the use of sudo is another choice. > > Sudo is just a package? > Yes, it is. qsearch sudo|sed 1q app-admin/sudo Allows users or groups to run commands as other users > > > > If you want every user to be able to shutdown just run this command: > > > > chmod 6755 /sbin/poweroff > > > > -- > > -Matti > > > -- > > >
Re: [gentoo-user] How to poweroff the system from user?
On Sun, 22 Mar 2015 08:49:54 +0200 Matti Nykyri wrote: > > On Mar 22, 2015, at 8:32, German wrote: > > > > > > /sbin/poweroff says "Must be a superuser" :( > > Did you read any of the previous messages? They told you that you have to > have consolekit and polkit installed and configured for this to work! Yes, I've read them. However no one explianed how this has to be accomplished with polkit and consolekit. Also the use of sudo is another choice. Sudo is just a package? > > If you want every user to be able to shutdown just run this command: > > chmod 6755 /sbin/poweroff > > -- > -Matti --
Re: [gentoo-user] How to poweroff the system from user?
> On Mar 22, 2015, at 8:32, German wrote: > > > /sbin/poweroff says "Must be a superuser" :( Did you read any of the previous messages? They told you that you have to have consolekit and polkit installed and configured for this to work! Also the use of sudo is another choice. If you want every user to be able to shutdown just run this command: chmod 6755 /sbin/poweroff -- -Matti
Re: [gentoo-user] How to poweroff the system from user?
On Sat, 21 Mar 2015 18:51:58 -0400 Fernando Rodriguez wrote: > On Saturday, March 21, 2015 4:58:42 PM German wrote: > > On Sat, 21 Mar 2015 16:32:25 -0400 > > Philip Webb wrote: > > > > > 150321 German wrote: > > > > If I run poweroff from root, the system shuts down. > > > > When I run poweroff from user -- command not found. > > > > How to shut down the system from user ? > > > > > > I'ld say "Don't" : it's contrary to the principles of Unix, > > > which separate the roles of sysadmin (root) from those of ordinary users. > > > > > > To shut down, I first exit Fluxbox via its menu, > > > then 'su' + root password, then alias 'down' = 'shutdown -h now'. > > > That observes the proper roles + ceremonies (smile). > > > > Interesting. But as I said ealier, I can reboot the system when I am a user > by Ctrl+Alt+Delete. The user can reboot the system, but can't shut down? > Strange > > > > > Either /sbin/poweroff or /usr/sbin/poweroff will do it from a local session > (if > there's no other users logged in locally). /sbin/poweroff says "Must be a superuser" :( > > Like I said, /sbin is only on the search path for root by default on gentoo. > > -- > Fernando Rodriguez > -- German
Re: [gentoo-user] How to poweroff the system from user?
On Saturday, March 21, 2015 11:52:45 PM Emanuele Rusconi wrote: > Ctrl-Alt-Del can be set to do what you want. > > I have this in my /etc/inittab: > > ca:12345:ctrlaltdel:/sbin/shutdown -P now > > This way Ctrl-Alt-Del calls power off instead of reboot. > So to shutdown I just exit from Openbox and press Ctrl-Alt-Del. > > -- Emanuele Rusconi Also sysvinit specific. On systemd you need to copy /usr/lib/systemd/system/ctrl-alt-del.target to /etc/systemd/system and edit that file. -- Fernando Rodriguez signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] How to poweroff the system from user?
Ctrl-Alt-Del can be set to do what you want. I have this in my /etc/inittab: ca:12345:ctrlaltdel:/sbin/shutdown -P now This way Ctrl-Alt-Del calls power off instead of reboot. So to shutdown I just exit from Openbox and press Ctrl-Alt-Del. -- Emanuele Rusconi
Re: [gentoo-user] How to poweroff the system from user?
On Saturday, March 21, 2015 4:58:42 PM German wrote: > On Sat, 21 Mar 2015 16:32:25 -0400 > Philip Webb wrote: > > > 150321 German wrote: > > > If I run poweroff from root, the system shuts down. > > > When I run poweroff from user -- command not found. > > > How to shut down the system from user ? > > > > I'ld say "Don't" : it's contrary to the principles of Unix, > > which separate the roles of sysadmin (root) from those of ordinary users. > > > > To shut down, I first exit Fluxbox via its menu, > > then 'su' + root password, then alias 'down' = 'shutdown -h now'. > > That observes the proper roles + ceremonies (smile). > > Interesting. But as I said ealier, I can reboot the system when I am a user by Ctrl+Alt+Delete. The user can reboot the system, but can't shut down? Strange > > Either /sbin/poweroff or /usr/sbin/poweroff will do it from a local session (if there's no other users logged in locally). Like I said, /sbin is only on the search path for root by default on gentoo. -- Fernando Rodriguez
Re: [gentoo-user] How to poweroff the system from user?
On Saturday, March 21, 2015 9:35:44 PM Alexander Kapshuk wrote: > On Sat, Mar 21, 2015 at 9:34 PM, Alexander Kapshuk < > alexander.kaps...@gmail.com> wrote: > > > On Sat, Mar 21, 2015 at 9:26 PM, German wrote: > > > >> If I run poweroff from root, the system shuts down, however when I run > >> poweroff from user -- command not found. How to shut down the system from > >> user? Thanks > >> > >> -- > >> German > >> > >> > > poweroff(1) says: > > If you're not the superuser, you will get the message `must be supe‐ > >ruser'. > > > > Either run poweroff as the superuser, or if you're running Gnome, KDE, > > XFCE, etc., you may use the shutdown option available in those desktop > > environments. > > > > Others might suggest other ways of doing it. > > > > It's actually poweroff(8). Sorry. That's actually sysvinit poweroff...systemd's is different. -- Fernando Rodriguez
Re: [gentoo-user] How to poweroff the system from user?
> Interesting. But as I said ealier, I can reboot the system when I am a user > by Ctrl+Alt+Delete. The user can reboot the system, but can't shut down? > Strange It's not strange, `man 2 reboot`. It's a defined behavior.
Re: [gentoo-user] How to poweroff the system from user?
On Sat, 21 Mar 2015 16:32:25 -0400 Philip Webb wrote: > 150321 German wrote: > > If I run poweroff from root, the system shuts down. > > When I run poweroff from user -- command not found. > > How to shut down the system from user ? > > I'ld say "Don't" : it's contrary to the principles of Unix, > which separate the roles of sysadmin (root) from those of ordinary users. > > To shut down, I first exit Fluxbox via its menu, > then 'su' + root password, then alias 'down' = 'shutdown -h now'. > That observes the proper roles + ceremonies (smile). Interesting. But as I said ealier, I can reboot the system when I am a user by Ctrl+Alt+Delete. The user can reboot the system, but can't shut down? Strange > > -- > ,, > SUPPORT ___//___, Philip Webb > ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto > TRANSIT`-O--O---' purslowatchassdotutorontodotca > > -- German
Re: [gentoo-user] How to poweroff the system from user?
On Sat, Mar 21, 2015 at 4:32 PM, Philip Webb wrote: > > I'ld say "Don't" : it's contrary to the principles of Unix, > which separate the roles of sysadmin (root) from those of ordinary users. > There are a couple of schools of thought there. One that differs from what you suggested is that root isn't really a pure role - it is a uid you can log in as (which mostly makes the actions you take as root anonymous in a multi-admin environment). If you're into role-based access control then you really don't want people just switching to root all the time - you want to define roles and their specific requirements, and then assign those roles to users. Sudo is a simple tool for doing this, but stuff like consolekit/logind/policykit and so on are about giving more granular access to users. Likewise posix capabilities are all about making what traditionally is root much more granular. But, yes, the simple answer is to just log in as root to power off the system. That will almost certainly work for at least the next 20 years. Everything else is just added capabilities. -- Rich
Re: [gentoo-user] How to poweroff the system from user?
150321 German wrote: > If I run poweroff from root, the system shuts down. > When I run poweroff from user -- command not found. > How to shut down the system from user ? I'ld say "Don't" : it's contrary to the principles of Unix, which separate the roles of sysadmin (root) from those of ordinary users. To shut down, I first exit Fluxbox via its menu, then 'su' + root password, then alias 'down' = 'shutdown -h now'. That observes the proper roles + ceremonies (smile). -- ,, SUPPORT ___//___, Philip Webb ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto TRANSIT`-O--O---' purslowatchassdotutorontodotca
Re: [gentoo-user] How to poweroff the system from user?
2015-03-21 14:01 GMT-06:00 German : > On Sat, 21 Mar 2015 15:47:16 -0400 > Rich Freeman wrote: > >> On Sat, Mar 21, 2015 at 3:39 PM, German wrote: >> > >> > No, I am trying to shutdown from a console >> >> Well, the old answer would be that you need to use sudo to run it, as >> shutting down is a privileged operation. >> >> I suspect that the new answer is that with appropriate >> policykit/consolekit/etc settings you can probably allow somebody >> sitting at a physical console to shut down the system, or any >> logged-in user if you prefer. However, I haven't actually set that up >> myself. > > Well, I am the only one sitting at the console :) Are there any key > combination which allows that? I can reboot even if I am a user with > Ctrl+Alt+Delete >> Just use sudo to allow your user to shutdwon without password(suders(5) manpage is your friend), and put an alias in your bashrc: alias poweroff="sudo /sbin/poweroff"
Re: [gentoo-user] How to poweroff the system from user?
On Saturday, March 21, 2015 3:26:56 PM German wrote: > If I run poweroff from root, the system shuts down, however when I run poweroff from user -- command not found. How to shut down the system from user? Thanks > > The command not found part is because /sbin and /usr/sbin and on gentoo it's not on your PATH env var by default. I think it's supposed to be a security measure but really it provides no security whatsoever so I always add it to my path. After that you'll be able to shutdown if there's no other active sessions, otherwise you should be prompted for password. -- Fernando Rodriguez
Re: [gentoo-user] How to poweroff the system from user?
On Sat, 21 Mar 2015 15:47:16 -0400 Rich Freeman wrote: > On Sat, Mar 21, 2015 at 3:39 PM, German wrote: > > > > No, I am trying to shutdown from a console > > Well, the old answer would be that you need to use sudo to run it, as > shutting down is a privileged operation. > > I suspect that the new answer is that with appropriate > policykit/consolekit/etc settings you can probably allow somebody > sitting at a physical console to shut down the system, or any > logged-in user if you prefer. However, I haven't actually set that up > myself. Well, I am the only one sitting at the console :) Are there any key combination which allows that? I can reboot even if I am a user with Ctrl+Alt+Delete > > -- > Rich > -- German
Re: [gentoo-user] How to poweroff the system from user?
On Sat, Mar 21, 2015 at 1:47 PM, Rich Freeman wrote: > > On Sat, Mar 21, 2015 at 3:39 PM, German wrote: > > > > No, I am trying to shutdown from a console > > Well, the old answer would be that you need to use sudo to run it, as > shutting down is a privileged operation. > > I suspect that the new answer is that with appropriate > policykit/consolekit/etc settings you can probably allow somebody > sitting at a physical console to shut down the system, or any > logged-in user if you prefer. However, I haven't actually set that up > myself. logind does that for you automagically™. The first seat has the rights to poweroff or reboot the machine, and it can differentiate between local and remote logins. You can check if your user session has the permissions to poweroff/reboot via dbus: $ gdbus call --system --dest org.freedesktop.login1 --object-path /org/freedesktop/login1 --method org.freedesktop.login1.Manager.CanPowerOff ('yes',) $ gdbus call --system --dest org.freedesktop.login1 --object-path /org/freedesktop/login1 --method org.freedesktop.login1.Manager.CanReboot ('yes',) But you need systemd to use logind1. There has been some attempts to reimplement logind outside systemd, but I'm not sure how advanced they are. This kind of problems were one of the reasons for creating logind. Regards. -- Canek Peláez Valdés Profesor de asignatura, Facultad de Ciencias Universidad Nacional Autónoma de México
Re: [gentoo-user] How to poweroff the system from user?
On Sat, Mar 21, 2015 at 3:39 PM, German wrote: > > No, I am trying to shutdown from a console Well, the old answer would be that you need to use sudo to run it, as shutting down is a privileged operation. I suspect that the new answer is that with appropriate policykit/consolekit/etc settings you can probably allow somebody sitting at a physical console to shut down the system, or any logged-in user if you prefer. However, I haven't actually set that up myself. -- Rich
Re: [gentoo-user] How to poweroff the system from user?
On Sat, 21 Mar 2015 21:34:51 +0200 Alexander Kapshuk wrote: > On Sat, Mar 21, 2015 at 9:26 PM, German wrote: > > > If I run poweroff from root, the system shuts down, however when I run > > poweroff from user -- command not found. How to shut down the system from > > user? Thanks > > > > -- > > German > > > > > poweroff(1) says: > If you're not the superuser, you will get the message `must be supe‐ >ruser'. > > Either run poweroff as the superuser, or if you're running Gnome, KDE, > XFCE, etc., you may use the shutdown option available in those desktop > environments. No, I am trying to shutdown from a console > > Others might suggest other ways of doing it. -- German
Re: [gentoo-user] How to poweroff the system from user?
On Sat, Mar 21, 2015 at 9:34 PM, Alexander Kapshuk < alexander.kaps...@gmail.com> wrote: > On Sat, Mar 21, 2015 at 9:26 PM, German wrote: > >> If I run poweroff from root, the system shuts down, however when I run >> poweroff from user -- command not found. How to shut down the system from >> user? Thanks >> >> -- >> German >> >> > poweroff(1) says: > If you're not the superuser, you will get the message `must be supe‐ >ruser'. > > Either run poweroff as the superuser, or if you're running Gnome, KDE, > XFCE, etc., you may use the shutdown option available in those desktop > environments. > > Others might suggest other ways of doing it. > It's actually poweroff(8). Sorry.
Re: [gentoo-user] How to poweroff the system from user?
On Sat, Mar 21, 2015 at 9:26 PM, German wrote: > If I run poweroff from root, the system shuts down, however when I run > poweroff from user -- command not found. How to shut down the system from > user? Thanks > > -- > German > > poweroff(1) says: If you're not the superuser, you will get the message `must be supe‐ ruser'. Either run poweroff as the superuser, or if you're running Gnome, KDE, XFCE, etc., you may use the shutdown option available in those desktop environments. Others might suggest other ways of doing it.
[gentoo-user] How to poweroff the system from user?
If I run poweroff from root, the system shuts down, however when I run poweroff from user -- command not found. How to shut down the system from user? Thanks -- German