Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
`shutdown` and /etc/shutdown.allow
504 views
Skip to first unread message
Timothy Madden
Oct 9, 2012, 8:00:12 PM10/9/12
to
Hello
Is there a way to allow my regular user to shut down the system with
`shutdown` command ?
I have the user name in /etc/shutdown.allow, on a line by itself, a log
in as that use on tty2, I try to run `shutdown -a -h now` and I still
get the message "You must be root to do that!".
My login name appears in the output from `cat /var/run/utmp`, as in the
manual page.
Do I need to setuid the shutdown command ?
Thank you,
Timothy Madden
Is there a way to allow my regular user to shut down the system with
`shutdown` command ?
I have the user name in /etc/shutdown.allow, on a line by itself, a log
in as that use on tty2, I try to run `shutdown -a -h now` and I still
get the message "You must be root to do that!".
My login name appears in the output from `cat /var/run/utmp`, as in the
manual page.
Do I need to setuid the shutdown command ?
Thank you,
Timothy Madden
Dan C
Oct 9, 2012, 8:21:36 PM10/9/12
to
group. Then log out and back in, and it should work.
--
"Ubuntu" -- an African word, meaning "Slackware is too hard for me".
"Bother!" said Pooh, as his U-Boat sank another hospital ship.
Usenet Improvement Project: http://twovoyagers.com/improve-usenet.org/
Thanks, Obama: http://brandybuck.site40.net/pics/politica/thanks.jpg
notbob
Oct 9, 2012, 8:30:18 PM10/9/12
to
On 2012-10-10, Timothy Madden <termin...@gmail.com> wrote:
> Hello
>
> Is there a way to allow my regular user to shut down the system with
> `shutdown` command ?
From a tty, hit Ctrl-Alt-Del. Have you tried simply hitting the
> Hello
>
> Is there a way to allow my regular user to shut down the system with
> `shutdown` command ?
on/off button on you computer? As of 13.37, it will shutdown
completely (halt). At least mine does, which was a surprise. Otherwise su,
then invoke shutdown -h 0, which is shutdown halt in w/ zero seconds
delay from anywhere on system.
nb
--
Definition of objectivism:
"Eff you! I got mine."
http://www.nongmoproject.org/
Chick Tower
Oct 10, 2012, 7:49:38 PM10/10/12
to
On 2012-10-10, Dan C <youmust...@lan.invalid> wrote:
> On Wed, 10 Oct 2012 03:00:12 +0300, Timothy Madden wrote:
>
>> Hello
>>
>> Is there a way to allow my regular user to shut down the system with
>> `shutdown` command ?
>>
> On Wed, 10 Oct 2012 03:00:12 +0300, Timothy Madden wrote:
>
>> Hello
>>
>> Is there a way to allow my regular user to shut down the system with
>> `shutdown` command ?
>>
>> Do I need to setuid the shutdown command ?
>
>
> Edit the file /etc/group (as root) and add your username to the 'power'
> group. Then log out and back in, and it should work.
I tried your suggestion, Dan, on Slackware 13.37, but it doesn't work
> group. Then log out and back in, and it should work.
for me, even with the username in /etc/shutdown.allow.
Here's how to do it, Timothy. A line like the following goes in the
"User privilege specification" section of /etc/sudoers:
ctower amd2003 = NOPASSWD: /sbin/shutdown -h now
ctower is my username. amd2003 is the name of my machine; perhaps
LOCALHOST would work there, too. NOPASSWD means I don't have to enter
my password, but you could remove that if you wanted to help make sure
nobody shuts off the PC by mistake. Now that I think about it, the
parameters I specified for the shutdown command probably have no effect,
but I haven't tested that.
You edit the sudoers file as root via the visudo command, so you need to
know how to use vim. Keep your /etc/shutdown.allow, as it's necessary.
--
Chick Tower
For e-mail: aols2 DOT sent DOT towerboy AT xoxy DOT net
Dan C
Oct 10, 2012, 11:53:37 PM10/10/12
to
username. It's because I am a member of group 'wheel', and I have the
'wheel' group specified to run all commands with no password (in /etc/
sudoers as you suggested). Now I'm just not sure what good the 'power'
group actually is... :)
--
"Ubuntu" -- an African word, meaning "Slackware is too hard for me".
Grant
Oct 11, 2012, 6:05:14 AM10/11/12
to
I am in wheel group, with no password needed access to mightier commands!
Grant.
Aragorn
Oct 11, 2012, 6:32:54 AM10/11/12
to
On Thursday 11 October 2012 05:53, Dan C conveyed the following to
alt.os.linux.slackware...
Not a good idea to allow your account passwordless access to all
commands... If your account gets compromised, this access can be
exploited.
> Now I'm just not sure what good the 'power' group actually is... :)
As I understand it, that's for doing things like hibernating/suspending
the system, and /possibly/ also needed for actually powering down the
machine when doing a "halt", as these are not necessarily synonymous -
depending on the configuration, a halt may simply halt the operating
system but leave the hardware in a powered-up state.
--
= Aragorn =
(registered GNU/Linux user #223157)
alt.os.linux.slackware...
commands... If your account gets compromised, this access can be
exploited.
> Now I'm just not sure what good the 'power' group actually is... :)
the system, and /possibly/ also needed for actually powering down the
machine when doing a "halt", as these are not necessarily synonymous -
depending on the configuration, a halt may simply halt the operating
system but leave the hardware in a powered-up state.
--
= Aragorn =
(registered GNU/Linux user #223157)
Dan C
Oct 11, 2012, 9:22:15 AM10/11/12
to
>
>> Now I'm just not sure what good the 'power' group actually is... :)
>
> As I understand it, that's for doing things like hibernating/suspending
> the system, and /possibly/ also needed for actually powering down the
> machine when doing a "halt", as these are not necessarily synonymous -
> depending on the configuration, a halt may simply halt the operating
> system but leave the hardware in a powered-up state.
doesn't do ACPI, but I think you're correct.
--
"Ubuntu" -- an African word, meaning "Slackware is too hard for me".
Ottavio Caruso
Oct 11, 2012, 12:26:36 PM10/11/12
to
On Oct 11, 10:12 am, Grant <o...@grrr.id.au> wrote:
> >group actually is... :)
>
> On 11 Oct 2012 03:53:37 GMT, Dan C <youmustbejok...@lan.invalid> wrote:
>
>
>
>
>
>
>
>
>
> >On Wed, 10 Oct 2012 23:49:38 +0000, Chick Tower wrote:
>
>
>
>
>
>
>
>
>
>
> >On Wed, 10 Oct 2012 23:49:38 +0000, Chick Tower wrote:
>
> >> On 2012-10-10, Dan C <youmustbejok...@lan.invalid> wrote:
> >>> On Wed, 10 Oct 2012 03:00:12 +0300, Timothy Madden wrote:
>
> >>>> Hello
> >>> On Wed, 10 Oct 2012 03:00:12 +0300, Timothy Madden wrote:
>
>
> >>>> Is there a way to allow my regular user to shut down the system with
> >>>> `shutdown` command ?
>
> >>>> Do I need to setuid the shutdown command ?
>
> >>> Edit the file /etc/group (as root) and add your username to the 'power'
> >>> group. Then log out and back in, and it should work.
>
> >> I tried your suggestion, Dan, on Slackware 13.37, but it doesn't work
> >> for me, even with the username in /etc/shutdown.allow.
>
> >> Here's how to do it, Timothy. A line like the following goes in the
> >> "User privilege specification" section of /etc/sudoers:
>
> >> ctower amd2003 = NOPASSWD: /sbin/shutdown -h now
>
> >> ctower is my username. amd2003 is the name of my machine; perhaps
> >> LOCALHOST would work there, too. NOPASSWD means I don't have to enter
> >> my password, but you could remove that if you wanted to help make sure
> >> nobody shuts off the PC by mistake. Now that I think about it, the
> >> parameters I specified for the shutdown command probably have no effect,
> >> but I haven't tested that.
>
> >> You edit the sudoers file as root via the visudo command, so you need to
> >> know how to use vim. Keep your /etc/shutdown.allow, as it's necessary.
>
> >Yep, good call. I realize now why I'm able to shutdown with my
> >username. It's because I am a member of group 'wheel', and I have the
> >'wheel' group specified to run all commands with no password (in /etc/
> >sudoers as you suggested). Now I'm just not sure what good the 'power'
> >>>> Is there a way to allow my regular user to shut down the system with
> >>>> `shutdown` command ?
>
> >>>> Do I need to setuid the shutdown command ?
>
> >>> Edit the file /etc/group (as root) and add your username to the 'power'
> >>> group. Then log out and back in, and it should work.
>
> >> I tried your suggestion, Dan, on Slackware 13.37, but it doesn't work
> >> for me, even with the username in /etc/shutdown.allow.
>
> >> Here's how to do it, Timothy. A line like the following goes in the
> >> "User privilege specification" section of /etc/sudoers:
>
> >> ctower amd2003 = NOPASSWD: /sbin/shutdown -h now
>
> >> ctower is my username. amd2003 is the name of my machine; perhaps
> >> LOCALHOST would work there, too. NOPASSWD means I don't have to enter
> >> my password, but you could remove that if you wanted to help make sure
> >> nobody shuts off the PC by mistake. Now that I think about it, the
> >> parameters I specified for the shutdown command probably have no effect,
> >> but I haven't tested that.
>
> >> You edit the sudoers file as root via the visudo command, so you need to
> >> know how to use vim. Keep your /etc/shutdown.allow, as it's necessary.
>
> >Yep, good call. I realize now why I'm able to shutdown with my
> >username. It's because I am a member of group 'wheel', and I have the
> >'wheel' group specified to run all commands with no password (in /etc/
> >group actually is... :)
>
> Ah, for those with power, rather than command authorisation ;)
>
> I am in wheel group, with no password needed access to mightier commands!
>
> Grant.
Wasn't the 'wheel' group deprecated in the Linux community at some stage?
>
> I am in wheel group, with no password needed access to mightier commands!
>
> Grant.
Grant
Oct 11, 2012, 7:40:39 PM10/11/12
to
Grant.
Timothy Madden
Oct 12, 2012, 1:39:12 PM10/12/12
to
On 10/11/2012 02:49 AM, Chick Tower wrote:
> On 2012-10-10, Dan C <youmust...@lan.invalid> wrote:
>> On Wed, 10 Oct 2012 03:00:12 +0300, Timothy Madden wrote:
>>
>>> Hello
>>>
>>> Is there a way to allow my regular user to shut down the system with
>>> `shutdown` command ?
>>>
>>> Do I need to setuid the shutdown command ?
>>
>> Edit the file /etc/group (as root) and add your username to the 'power'
>> group. Then log out and back in, and it should work.
>
> I tried your suggestion, Dan, on Slackware 13.37, but it doesn't work
> for me, even with the username in /etc/shutdown.allow.
>
> Here's how to do it, Timothy. A line like the following goes in the
> "User privilege specification" section of /etc/sudoers:
>
> ctower amd2003 = NOPASSWD: /sbin/shutdown -h now
Yes, the power group din not work for me either:
> On 2012-10-10, Dan C <youmust...@lan.invalid> wrote:
>> On Wed, 10 Oct 2012 03:00:12 +0300, Timothy Madden wrote:
>>
>>> Hello
>>>
>>> Is there a way to allow my regular user to shut down the system with
>>> `shutdown` command ?
>>>
>>> Do I need to setuid the shutdown command ?
>>
>> Edit the file /etc/group (as root) and add your username to the 'power'
>> group. Then log out and back in, and it should work.
>
> I tried your suggestion, Dan, on Slackware 13.37, but it doesn't work
> for me, even with the username in /etc/shutdown.allow.
>
> Here's how to do it, Timothy. A line like the following goes in the
> "User privilege specification" section of /etc/sudoers:
>
> ctower amd2003 = NOPASSWD: /sbin/shutdown -h now
bash-4.2$ grep power /etc/group
power:x:84:adrian,crina
bash-4.2$ id -Gn
adrian lp floppy audio video cdrom power scanner davfs2
bash-4.2$ cat /etc/shutdown.allow
adrian
bash-4.2$ /sbin/shutdown -a -h now
shutdown: you must be root to do that!
Usage: shutdown [-akrhPHfFnc] [-t sec] time [warning message]
-a: use /etc/shutdown.allow
-k: don't really shutdown, only warn.
-r: reboot after shutdown.
-h: halt after shutdown.
-P: halt action is to turn off power.
-H: halt action is to just halt.
-f: do a 'fast' reboot (skip fsck).
-F: Force fsck on reboot.
-n: do not go through "init" but go down real fast.
-c: cancel a running shutdown.
-t secs: delay between warning and kill signal.
** the "time" argument is mandatory! (try "now") **
Using sudo worked as expected, but there is no need for the
/etc/shutdown.allow file, because `shutdown` is running as root now.
Thank you,
Timothy Madden
Timothy Madden
Oct 12, 2012, 1:40:13 PM10/12/12
to
On 10/10/2012 03:30 AM, notbob wrote:
> On 2012-10-10, Timothy Madden <termin...@gmail.com> wrote:
>> Hello
>>
>> Is there a way to allow my regular user to shut down the system with
>> `shutdown` command ?
>
> From a tty, hit Ctrl-Alt-Del. Have you tried simply hitting the
> on/off button on you computer? As of 13.37, it will shutdown
> completely (halt). At least mine does, which was a surprise. Otherwise su,
> then invoke shutdown -h 0, which is shutdown halt in w/ zero seconds
> delay from anywhere on system.
Yes, the power button works for me. I was still curious though why the
> On 2012-10-10, Timothy Madden <termin...@gmail.com> wrote:
>> Hello
>>
>> Is there a way to allow my regular user to shut down the system with
>> `shutdown` command ?
>
> From a tty, hit Ctrl-Alt-Del. Have you tried simply hitting the
> on/off button on you computer? As of 13.37, it will shutdown
> completely (halt). At least mine does, which was a surprise. Otherwise su,
> then invoke shutdown -h 0, which is shutdown halt in w/ zero seconds
> delay from anywhere on system.
`shutdown` command does not work as expected and I can not get a "soft"
shutdown of my system.
I guess it does work as expected, only the man page never mentions the
-a switch is not meant to make `shutdown` work for non-root users.
Despite this is what one can understand after reading the page.
But it looks like -a is only meant as an additional check, usually when
`shutdown` is invoked by some background process, that still has to run
as root for the command to work.
Alt+Ctrl+Del does a reboot, not poweroff, for me (Slackware 13.37
updated with slackware-current).
Thank you,
Timothy Madden
Tom Canich
Oct 12, 2012, 2:08:40 PM10/12/12
to
On 2012-10-12, Timothy Madden <termin...@gmail.com> wrote:
>> On 2012-10-10, Timothy Madden <termin...@gmail.com> wrote:
>>> Is there a way to allow my regular user to shut down the system with
>>> `shutdown` command ?
Hi Timothy,
>> On 2012-10-10, Timothy Madden <termin...@gmail.com> wrote:
>>> Is there a way to allow my regular user to shut down the system with
>>> `shutdown` command ?
> Alt+Ctrl+Del does a reboot, not poweroff, for me (Slackware 13.37
> updated with slackware-current).
36 # What to do at the "Three Finger Salute".
37 ca::ctrlaltdel:/sbin/shutdown -t5 -r now
You might modify line 37 to read:
ca::ctrlaltdel:/sbin/shutdown -t5 -h now
To halt the system instead of rebooting. Of course you will lose
the ability to reboot the system via only a three finger salute...
The line numbers above are from a stock 13.37 system -- they may
differ in -current or 14.0.
Tom
notbob
Oct 12, 2012, 3:42:21 PM10/12/12
to
Jes to edify my ignorance, what is the "ca::"? and why does a simple
/sbin/shutdown -h 0 not work, despite the file having rwxr-xr-x
permissions?
In fact, exactly why does "other users" having "execute" permission
often not work? I've always been a bit vague on that one, a glaring
hole in my nix-ucation.
/sbin/shutdown -h 0 not work, despite the file having rwxr-xr-x
permissions?
In fact, exactly why does "other users" having "execute" permission
often not work? I've always been a bit vague on that one, a glaring
hole in my nix-ucation.
Helmut Hullen
Oct 12, 2012, 4:05:00 PM10/12/12
to
Hallo, notbob,
Du meintest am 12.10.12:
>> ca::ctrlaltdel:/sbin/shutdown -t5 -h now
> Jes to edify my ignorance, what is the "ca::"?
Just run
man 5 inittab
"ca" is the "id"
The empty second field means that this line is valid in all runlevels
Viele Gruesse
Helmut
"Ubuntu" - an African word, meaning "Slackware is too hard for me".
Du meintest am 12.10.12:
>> ca::ctrlaltdel:/sbin/shutdown -t5 -h now
> Jes to edify my ignorance, what is the "ca::"?
man 5 inittab
"ca" is the "id"
The empty second field means that this line is valid in all runlevels
Viele Gruesse
Helmut
"Ubuntu" - an African word, meaning "Slackware is too hard for me".
Steven Masta
Oct 13, 2012, 11:14:51 AM10/13/12
to
From CHANGES_AND_HINTS.TXT in 13.37
2. User accounts with permission to do power-management tasks, such as
suspend, hibernate, reboot, and shutdown, via HAL methods should be in
the "power" group.
Steve
Dan C
Oct 13, 2012, 10:40:48 PM10/13/12
to
didn't work for him.
Works for me.
--
"Ubuntu" -- an African word, meaning "Slackware is too hard for me".
Steven Masta
Oct 14, 2012, 6:04:54 PM10/14/12
to
Have you been visiting with RM or something? You wrote:
"Now I'm just not sure what good the 'power' group actually is..."
which I took to mean that you didn't know what good the 'power' group
"Now I'm just not sure what good the 'power' group actually is..."
acually is. So I replied that it's for use with HAL. HAL isn't usually
used with the command line which is why it didn't work for the OP.
Now give RM his crack-pipe back.
Steve
Tom Canich
Oct 15, 2012, 11:05:28 AM10/15/12
to
On 2012-10-12, notbob <not...@nothome.com> wrote:
> On 2012-10-12, Tom Canich <tjc...@psu.edu> wrote:
>
>> ca::ctrlaltdel:/sbin/shutdown -t5 -h now
>
> Jes to edify my ignorance, what is the "ca::"? and why does a simple
> /sbin/shutdown -h 0 not work, despite the file having rwxr-xr-x
> permissions?
>
> In fact, exactly why does "other users" having "execute" permission
> often not work? I've always been a bit vague on that one, a glaring
> hole in my nix-ucation.
Being able to execute the program doesn't grant elevated privileges,
> On 2012-10-12, Tom Canich <tjc...@psu.edu> wrote:
>
>> ca::ctrlaltdel:/sbin/shutdown -t5 -h now
>
> Jes to edify my ignorance, what is the "ca::"? and why does a simple
> /sbin/shutdown -h 0 not work, despite the file having rwxr-xr-x
> permissions?
>
> In fact, exactly why does "other users" having "execute" permission
> often not work? I've always been a bit vague on that one, a glaring
> hole in my nix-ucation.
the program runs as the user which executed it. If the program
needs to read or write anywhere, the user executing the program
needs permission for those operations.
In the case of shutdown it signals init which runs as root.
Tom
0 new messages