Shutdown permissions - Slackware



Thread: Shutdown permissions

  1. Re: Shutdown permissions

    Sebastian Fedrau wrote:


    > Sorry, but I don't think that you can compare a running linux machine
    > to a windows computer with a password protected screensaver. I would
    > never think that someone forgot to turn off the computer when I see a
    > running linux system.


    Depends on the environment. Yes, if servers, fair comment. However, in this
    context, desktop, no difference. No way for person to issue a shutdown
    appropriate to that system before it gets switched off at the wall.

    Pete


    --
    http://www.petezilla.co.uk

  2. Re: Shutdown permissions

    Peter Chant wrote:


    > OK, rudely following up myself. Looks like I need a small edit
    > in /etc/acpi/events/default and I'm sorted. If you don't see any posts
    > for a few days it's because it didn't work and I hosed my system without
    > shutting it down properly!


    Hmm, does not work, even with checking ACPI is enabled in bios and
    rebooting. However, having it working would not exactly change my life.

    No acpi messages in syslog.

    Pete

    --
    http://www.petezilla.co.uk

  3. Re: Shutdown permissions


    On 2007-11-21, ~kurt wrote:
    > What does this have to do with a user being able to turn off a computer
    > by pushing the power switch? There needs to be an easy way for the user
    > to shut the system down nicely whenever the user wants to, or else the user
    > will do it the really quick way....


    Ask and ye shall receive.

    alan@raven:/etc/acpi$ cat acpi_handler.sh
    #!/bin/sh
    # Default acpi script that takes an entry for all actions

    IFS=${IFS}/
    set $@

    case "$1" in
      button)
        case "$2" in
          power) /sbin/init 0
             ;;
          *) logger "ACPI action $2 is not defined"
             ;;
        esac
        ;;
      *)
        logger "ACPI group $1 / action $2 is not defined"
        ;;
    esac


    --
    It is better to hear the rebuke of the wise,
    Than for a man to hear the song of fools.
    Ecclesiastes 7:5

  4. Re: Shutdown permissions

    Ron Gibson wrote:


    > Another option is to do this using sudo. First install sudo:
    >
    > # pacman -Sy sudo
    >


    Watch out, you have your Arch head on there. :-)

    --
    http://www.petezilla.co.uk

  5. Re: Shutdown permissions

    +Alan Hicks+ wrote:

    >
    > Ask and ye shall receive.
    >
    > alan@raven:/etc/acpi$ cat acpi_handler.sh


    Alan,

    maybe I have got the wrong end of the stick but I thought acpi_handler.sh
    was a default catch all if no other rules in /etc/acpi/events match. To my
    (probably wrong) eyes, rather than creating a rule instead you have
    reworked the default option.

    ====================================================================

    root@phoenix:/etc/acpi/events# cat default
    # This is the ACPID default configuration, it takes all
    # events and passes them to /etc/acpi/default.sh for further
    # processing.

    # event keeps a regular expression matching the event. To get
    # power events only, just use something like "event=button power.*"
    # to catch it.
    # action keeps the command to be executed after an event occurs
    # In case of the power event above, your entry may look this way:
    #event=button power.*
    #action=/sbin/init 0

    # Optionally you can specify the placeholder %e. It will pass
    # through the whole kernel event message to the program you've
    # specified.

    event=.*
    action=/etc/acpi/acpi_handler.sh %e
    root@phoenix:/etc/acpi/events#

    ====================================================================


    I assumed that if I commented out the event=button power.* and
    action=/sbin/init 0 then it should work.

    However, from running acpid -d, pressing my power button does not generate
    an event even though acpi is enabled in the bios. :-(

    Pete

    --
    http://www.petezilla.co.uk
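
On the catch-all question above: the sketch below is an added example, not code from the thread or from acpid. It lists every rule file whose `event=` pattern matches an event and repeats the field splitting that acpi_handler.sh does with `IFS=${IFS}/`. The rule files, the event strings and the `button[ /]power.*` pattern are constructed samples, and `grep -E` stands in for acpid's own regex matching.

```shell
#!/bin/sh
# Added example: acpid rule matching and the handler's field splitting.
# Rule files and event strings are constructed samples.

# Print the action of every rule file in directory $1 whose event= regex
# matches event string $2, with %e replaced by the event text.
matching_actions() {
    dir=$1 event=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        re=$(sed -n 's/^event=//p' "$f" | head -n 1)    # commented lines are skipped
        act=$(sed -n 's/^action=//p' "$f" | head -n 1)
        [ -n "$re" ] && [ -n "$act" ] || continue
        if printf '%s\n' "$event" | grep -Eq -- "$re"; then
            case $act in
                *%e*) pre=${act%%%e*}; post=${act#*%e}
                      printf '%s%s%s\n' "$pre" "$event" "$post" ;;
                *)    printf '%s\n' "$act" ;;
            esac
        fi
    done
}

# Mirror acpi_handler.sh: adding "/" to IFS turns "button/power ..." into
# the fields $1=button $2=power. Prints the decision instead of acting on it.
handler_decision() {
    (
        set -f                      # no globbing while word-splitting
        IFS="${IFS:- }/"
        set -- $1
        case "$1" in
            button)
                case "$2" in
                    power) echo "init 0" ;;
                    *)     echo "log: ACPI action $2 is not defined" ;;
                esac ;;
            *) echo "log: ACPI group $1 / action $2 is not defined" ;;
        esac
    )
}

demo() {
    d=$(mktemp -d) || return 1
    ev='button/power PWRF 00000080 00000001'      # constructed event string
    printf 'event=.*\naction=/etc/acpi/acpi_handler.sh %%e\n' > "$d/default"
    # Pattern exactly as in the commented example: needs a space, so no match here.
    printf 'event=button power.*\naction=/sbin/init 0\n' > "$d/power"
    matching_actions "$d" "$ev"
    # Pattern that accepts either separator: now both rule files match.
    printf 'event=button[ /]power.*\naction=/sbin/init 0\n' > "$d/power"
    matching_actions "$d" "$ev"
    handler_decision "$ev"
    rm -rf "$d"
}
demo
```

Because `event=.*` matches every event string, the handler script receives all of them; a more specific rule file only adds a second match.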

  6. Re: Shutdown permissions

    Peter Chant wrote:
    >However, from running acpid -d, pressing my power button does not generate
    >an event even though acpi is enabled in the bios. :-(


    Try:
    modprobe button

  7. Re: Shutdown permissions

    CBFalconer wrote:
    > ~kurt wrote:
    >>

    > ... snip ...
    >>
    >> I agree it is stupid to not allow users to nicely shutdown a
    >> computer they have access to. I never understood that.

    >
    > No it isn't. There may be other users of all sorts, including
    > remote. It is up to the sysop to shut down, not the
    > non-privileged user.


    What is it you people don't understand? Yes, in principle users should
    not be deciding when to shut down, or reboot, a machine. In reality, if
    you don't give them easy access to this, they will shut the computer
    off manually by hitting the switch, or pulling the plug. What about this
    concept doesn't make sense? Why then, would you not want to allow a user
    to be able to shut down the computer they are sitting at - it is
    stupid to not allow this. It just gets to me because I see it done quite
    often and I would really like to understand what is going through the
    sys admins' heads when they decided this. It just results in people bringing
    computers down hard.

    - Kurt

  8. Re: Shutdown permissions

    ~kurt wrote:
    > CBFalconer wrote:
    >> ~kurt wrote:
    >> ... snip ...
    >>> I agree it is stupid to not allow users to nicely shutdown a
    >>> computer they have access to. I never understood that.

    >> No it isn't. There may be other users of all sorts, including
    >> remote. It is up to the sysop to shut down, not the
    >> non-privileged user.

    >
    > What is it you people don't understand? Yes, in principle users should
    > not be deciding when to shut down, or reboot, a machine. In reality, if
    > you don't give them easy access to this, they will shut the computer
    > off manually by hitting the switch, or pulling the plug. What about this
    > concept doesn't make sense? Why then, would you not want to allow a user
    > to be able to shut down the computer they are sitting at - it is
    > stupid to not allow this. It just gets to me because I see it done quite
    > often and I would really like to understand what is going through the
    > sys admins' heads when they decided this. It just results in people bringing
    > computers down hard.


    The main problem is due to the way unix was implemented it is not easy
    to determine if a user has a physical access or not. It is reasonable to
    allow users having a physical access to be able to shutdown but it would
    not be reasonable to allow users logged in remotely (via ssh) to
    shutdown. I know that some other distributions use PAM in order to
    achieve this but, for other reasons, PV thinks PAM is insecure and does not
    include it.

    Olive

  9. Re: Shutdown permissions

    Petri Kaukasoina wrote:

    > Peter Chant wrote:
    >>However, from running acpid -d, pressing my power button does not generate
    >>an event even though acpi is enabled in the bios. :-(

    >
    > Try:
    > modprobe button


    Cheers. I thought this sort of thing ought to load automatically?

    Pete

    --
    http://www.petezilla.co.uk

  10. Re: Shutdown permissions

    Olive wrote:
    >
    > The main problem is due to the way unix was implemented it is not easy
    > to determine if a user has a physical access or not. It is reasonable to
    > allow users having a physical access to be able to shutdown but it would
    > not be reasonable to allow users logged in remotely (via ssh) to
    > shutdown. I know that some other distributions use PAM in order to
    > achieve this but, for other reasons, PV thinks PAM is insecure and does not
    > include it.


    I understand this - I would be hesitant to suid or sudo on a network for
    this reason. Nowadays, acpid offers a good solution. Unless it is really
    old hardware that doesn't support this, that sounds like the best solution.
    As I said, an easy way is to change what the three-finger-salute does.

    The Sun boxes I work on have a nice solution. There is a key that is active
    when a user is logged into the system. You push it, and you can put the
    system to sleep, reboot, or shutdown.

    - Kurt

  11. Re: Shutdown permissions

    On 2007-11-22, ~kurt wrote:
    >
    > As I said, an easy way is to change what the three-finger-salute does.


    The three-finger salute doesn't work over a network, so you can tell
    your console-based users to use that to restart the system, then if they
    want a real shutdown, kill the power when the BIOS starts checking RAM.
    Alternatively, if you're using kdm, have them log out, then allow kdm to
    present the shutdown/reboot options on the login screen. (If you're
    using xdm, teach your users ctrl-alt-f1, then tell them to do
    ctrl-alt-f1, ctrl-alt-del.)

    --keith

    --
    kkeller-usenet@wombat.san-francisco.ca.us
    (try just my userid to email me)
    AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
    see X- headers for PGP signature information


  12. Re: Shutdown permissions

    ~kurt wrote:
    > CBFalconer wrote:
    >> ~kurt wrote:
    >>>

    >> ... snip ...
    >>>
    >>> I agree it is stupid to not allow users to nicely shutdown a
    >>> computer they have access to. I never understood that.

    >>
    >> No it isn't. There may be other users of all sorts, including
    >> remote. It is up to the sysop to shut down, not the
    >> non-privileged user.

    >
    > What is it you people don't understand? Yes, in principle users
    > should not be deciding when to shut down, or reboot, a machine.
    > In reality, if you don't give them easy access to this, they
    > will shut the computer off manually by hitting the switch, or
    > pulling the plug. What about this concept doesn't make sense?
    > Why then, would you not want to allow a user to be able to shut
    > down the computer they are sitting at - it is stupid to not
    > allow this. It just gets to me because I see it done quite
    > often and I would really like to understand what is going
    > through the sys admins' heads when they decided this. It just
    > results in people bringing computers down hard.


    No, you don't appreciate the situation. First, a remote user
    should not be able to shut the machine off. I think that is clear
    to all. The way to do this is not to give him/her the power. The
    way to protect that power is to make shutdown require sysop, i.e.
    root, status.

    Secondly, even if the user is right at the main machine, there is
    no reason to assume there is not some other user on it, operating
    'remotely'. That doesn't mean over the Internet, it may simply
    mean access via a serial port. Again, you don't want that user
    shutting off the other user. The cure is the same.

    That leaves someone knowledgeable able to shut down. All he has to
    know is the root password, or possibly the appropriate sudo capable
    user name and password. He can log on, prevent further log ons,
    give warnings, and shut down if he feels it is safe to do so.

    This is also one of the reasons that root login is usually
    prevented over dial-in lines.

    --
    Chuck F (cbfalconer at maineline dot net)

    Try the download section.



    --
    Posted via a free Usenet account from http://www.teranews.com
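
The local-versus-remote distinction raised in Olive's post and in the one above can be approximated from `who` output. The sketch below is an added example, not code from the thread. The sample `who` lines, the function names and the policy (the caller must be on a virtual console or local X display, and nobody may be logged in on a network or serial line) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: decide whether a console user may shut down, from `who` output.
# Constructed sample: console login, local xterm, ssh login, serial-line login.
SAMPLE_WHO='pete     tty1         2007-11-23 08:02
pete     pts/0        2007-11-23 08:05 (:0.0)
kurt     pts/1        2007-11-23 08:10 (192.0.2.15)
chuck    ttyS0        2007-11-23 08:12'

# Print "user line class" for each session in `who` output $1.
# class is "console" for ttyN and for pts lines opened from a local X display,
# "remote" for everything else (network logins, serial lines).
classify_sessions() {
    printf '%s\n' "$1" | awk '
        NF >= 2 {
            host = ($NF ~ /^\(.*\)$/) ? $NF : ""
            class = "remote"
            if ($2 ~ /^tty[0-9]+$/) class = "console"
            else if ($2 ~ /^pts\// && host ~ /^\(:[0-9]/) class = "console"
            print $1, $2, class
        }'
}

# Print "allow" (status 0) or "deny: reason" (status 1) for the session on
# line $1, given `who` output $2. The policy is this example's assumption.
shutdown_decision() {
    caller_line=$1
    sessions=$(classify_sessions "$2")
    if ! printf '%s\n' "$sessions" | grep -Fq " $caller_line console"; then
        echo "deny: $caller_line is not a local console"
        return 1
    fi
    others=$(printf '%s\n' "$sessions" |
        awk '$3 == "remote" { print $1 "@" $2 }' | tr '\n' ' ')
    if [ -n "$others" ]; then
        echo "deny: remote sessions active: ${others% }"
        return 1
    fi
    echo "allow"
}

# On a live system the inputs would come from `tty` and `who`.
shutdown_decision tty1 "$SAMPLE_WHO" || true
shutdown_decision pts/1 "$SAMPLE_WHO" || true
```

The serial login on ttyS0 is classified as remote, which covers the case where "remotely" means a serial port instead of the Internet.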


  13. Re: Shutdown permissions

    CBFalconer wrote:

    > No, you don't appreciate the situation. First, a remote user


    I very well do - you, and other sys-admins who don't seem to understand
    the situation.

    > should not be able to shut the machine off. I think that is clear
    > to all. The way to do this is not to give him/her the power. The


    No problem with that.

    > Secondly, even if the user is right at the main machine, there is
    > no reason to assume there is not some other user on it, operating
    > 'remotely'. That doesn't mean over the Internet, it may simply
    > mean access via a serial port. Again, you don't want that user
    > shutting off the other user. The cure is the same.


    So what. If the user decides to power down the machine he is sitting at,
    he will do so. If you provide a clean way to do this, the user just
    might be able to do this. You gain *nothing* by not allowing the user
    to shut down the machine he is sitting at.

    > That leaves someone knowledgeable able to shut down. All he has to


    No, it only leaves someone with root or sudo access to shut the
    machine down nicely.

    > know is the root password, or possibly the appropriate sudo capable
    > user name and password. He can log on, prevent further log ons,
    > give warnings, and shut down if he feels it is safe to do so.


    Maybe in a fairy tale work environment, this can be realized. But in a
    real work environment, users are not generally given any form of
    root privileges, and the system administrators are generally nowhere to
    be found. Many networks exist without a local system administrator.
    There is no one to turn to when a machine needs (or, is perceived to need)
    to be shut down. Once again, provide the user with a way of shutting the
    machine down - otherwise the machine will get brought down hard. I just
    don't see what is so hard about this concept.

    - Kurt

  14. Re: Shutdown permissions

    Keith Keller wrote:
    >
    > The three-finger salute doesn't work over a network, so you can tell
    > your console-based users to use that to restart the system, then if they


    That is why I like this method. The acpi one has similar advantages.

    > want a real shutdown, kill the power when the BIOS starts checking RAM.


    I would probably just change /etc/inittab to use a "-h" instead of a "-r".

    - Kurt

  15. Re: Shutdown permissions

    ~kurt wrote:

    > Maybe in a fairy tale work environment, this can be realized. But in a
    > real work environment, users are not generally given any form of
    > root privileges, and the system administrators are generally nowhere to
    > be found. Many networks exist without a local system administrator.
    > There is no one to turn to when a machine needs (or, is perceived to need)
    > to be shut down. Once again, provide the user with a way of shutting the
    > machine down - otherwise the machine will get brought down hard. I just
    > don't see what is so hard about this concept.


    Indeed, with desktop machines, and it makes no difference between linux and
    windows, the policy may well be that you switch off machines at the end of
    the work day. So if you are last out what do you do? Try and shut down
    nicely - if you can't do that off it goes at the wall.

    With desktop machines it's rare that there are remote users - if it was
    anything important they'd be contacting a server not a desktop anyway.

    Pete

    --
    http://www.petezilla.co.uk

  16. Re: Shutdown permissions

    On Fri, 23 Nov 2007 07:27:58 +0000, ~kurt wrote:

    >> know is the root password, or possibly the appropriate sudo capable
    >> user name and password. He can log on, prevent further log ons,
    >> give warnings, and shut down if he feels it is safe to do so.


    > Maybe in a fairy tale work environment, this can be realized. But in a
    > real work environment, users are not generally given any form of
    > root privileges, and the system administrators are generally nowhere to
    > be found. Many networks exist without a local system administrator.
    > There is no one to turn to when a machine needs (or, is perceived to need)
    > to be shut down. Once again, provide the user with a way of shutting the
    > machine down - otherwise the machine will get brought down hard. I just
    > don't see what is so hard about this concept.


    There is nothing hard about the concept, for actual Linux/Unix users. You
    must remember that you are "arguing" with an ignorant Win-droid who knows
    nothing about either, and doesn't even know how to properly configure his
    signature block (even after being told how to do it by numerous people).

    What did you expect from such an ignoramus? Quit wasting your time.


    --
    "Ubuntu" -- an African word, meaning "Slackware is too hard for me".


  17. Re: Shutdown permissions

    On Fri, 23 Nov 2007 08:14:12 +0000, Peter Chant wrote:

    > With desktop machines it's rare that there are remote users - if it was
    > anything important they'd be contacting a server not a desktop anyway.


    Don't forget the most common case - single box with multiple users!

    Let Dad be root and everyone else shuts it off by setting suid on halt.

    --
    Email - rsgibson@verizon.borg
    Replace borg with net


  18. Re: Shutdown permissions

    On 2007-11-22, Peter Chant wrote:
    > Petri Kaukasoina wrote:
    >
    >> Peter Chant wrote:
    >>>However, from running acpid -d, pressing my power button does not generate
    >>>an event even though acpi is enabled in the bios. :-(

    >>
    >> Try:
    >> modprobe button

    >
    > Cheers. I thought this sort of thing ought to load automatically?



    From what I've read, all (or at least most) of the acpi modules should be
    loaded automatically in 2.6.24 kernels.

    -RW

  19. Re: Shutdown permissions

    Ron Gibson wrote:

    > On Fri, 23 Nov 2007 08:14:12 +0000, Peter Chant wrote:
    >
    >> With desktop machines it's rare that there are remote users - if it was
    >> anything important they'd be contacting a server not a desktop anyway.

    >
    > Don't forget the most common case - single box with multiple users!
    >
    > Let Dad be root and everyone else shuts it off by setting suid on halt.
    >


    ? Is it? Your family connect to your PC using vt100's??? (facetious)



    --
    http://www.petezilla.co.uk

  20. Re: Shutdown permissions

    Robby Workman wrote:

    >
    >
    > From what I've read, all (or at least most) of the acpi modules should be
    > loaded automatically in 2.6.24 kernels.


    I assumed that, but ended up putting modprobe button into rc.modules.

    Perhaps I broke something when I rebuilt the kernel. Having had no luck in
    the past with initrd I simply recompiled the kernel with ext3 and reiser
    support built in. Don't think I altered anything else.

    Pete
    --
    http://www.petezilla.co.uk
