Shutdown permissions - Slackware

This is a discussion on Shutdown permissions - Slackware ; Peter Chant says: >+Alan Hicks+ wrote: First of all, you don't respond to The Coward unless absolutely necessary. And even then, The Coward Hicks is never referred to by his first name. cordially, as always, rm...

+ Reply to Thread
Page 3 of 4 FirstFirst 1 2 3 4 LastLast
Results 41 to 60 of 72

Thread: Shutdown permissions

  1. Re: Shutdown permissions

    Peter Chant says:
    >+Alan Hicks+ wrote:


    First of all, you don't respond to The Coward unless absolutely
    necessary. And even then, The Coward Hicks is never referred to by
    his first name.

    cordially, as always,

    rm

  2. Re: Shutdown permissions

    Robby Workman wrote:


    > From what I've read, all (or at least most) of the acpi modules should be
    > loaded automatically in 2.6.24 kernels.
    >

    Also, from uname -a:
    Linux phoenix 2.6.21.5-skas3-v8.2-smp


    --
    http://www.petezilla.co.uk

  3. Re: Shutdown permissions

    On Tue, 20 Nov 2007 23:23:35 +0000,
    Peter Chant wrote:
    >
    >> to allow a limited number of users to shutdown the machine you
    >> can also install "sudo" and append the respective
    >> username/command to the configuration file.

    >
    > Can't see the reason for limiting who can shutdown a machine
    > that people have physical access to - it just prevents people
    > doing it the nice way. Only allowing root permission to shutdown
    > does not stop the plug coming out the wall.


    True, but bypassing the power switch and hard-wiring the box to
    the mains might.

    --
    Theodore (Ted) Heise Bloomington, IN, USA

  4. Re: Shutdown permissions

    On Thu, 22 Nov 2007 11:03:30 +0100,
    Olive wrote:
    > ~kurt wrote:


    >> ...Why then, would you not want to allow a user to be able
    >> to shut down the computer they are sitting at - it is stupid to
    >> not allow this.


    > The main problem is due to the way unix was implemented it is
    > not easy to determine if a user has a physical access or not. It
    > is reasonable to allow users having a physical access to be able
    > to shutdown but it would not be reasonable to allow users logged
    > in remotely (via ssh) to shutdown.


    Okay, maybe I'm missing something, but I'm logged into my server
    (running Slack 10.2) twice and it seems that "w" pretty readily
    distinguishes between the two sessions:


    theo@linus:~$ w
    10:11:25 up 41 days, 21:27, 2 users, load average: 0.00, 0.02,
    0.00
    USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
    theo tty1 - 10:08 3:21 0.05s 0.05s -bash
    theo pts/0 74-128-169-206.d Fri20 0.00s 0.12s 0.01s w

    Is there some reason a script couldn't verify it was being called
    by a user logged in at the console, and then call shutdown if true?

    --
    Theodore (Ted) Heise Bloomington, IN, USA

  5. Re: Shutdown permissions

    Theodore Heise wrote:
    > On Thu, 22 Nov 2007 11:03:30 +0100,
    > Olive wrote:
    >> ~kurt wrote:

    >
    >>> ...Why then, would you not want to allow a user to be able
    >>> to shut down the computer they are sitting at - it is stupid to
    >>> not allow this.

    ....
    > Okay, maybe I'm missing something, but I'm logged into my server
    > (running Slack 10.2) twice and it seems that "w" pretty readily
    > distinguishes between the two sessions:

    ....
    > Is there some reason a script couldn't verify it was being called
    > by a user logged in at the console, and then call shutdown if true?
    >


    That magic is easily achieved via sudo; there's even a shutdown
    example at the end of /etc/sudoers. Just run sudoedit and uncomment
    the line

    %users localhost=/sbin/shutdown -h now

    - Daniel

  6. Re: Shutdown permissions

    D Herring wrote:
    > Theodore Heise wrote:
    >> On Thu, 22 Nov 2007 11:03:30 +0100,
    >> Olive wrote:
    >>> ~kurt wrote:

    >>
    >>>> ...Why then, would you not want to allow a user to be able to
    >>>> shut down the computer they are sitting at - it is stupid to not
    >>>> allow this.

    > ...
    >> Okay, maybe I'm missing something, but I'm logged into my server
    >> (running Slack 10.2) twice and it seems that "w" pretty readily
    >> distinguishes between the two sessions:

    > ...
    >> Is there some reason a script couldn't verify it was being called by a
    >> user logged in at the console, and then call shutdown if true?
    >>

    >
    > That magic is easily achieved via sudo; there's even a shutdown example
    > at the end of /etc/sudoers. Just run sudoedit and uncomment the line


    s/sudoedit/visudo/

    > %users localhost=/sbin/shutdown -h now
    >
    > - Daniel


  7. Re: Shutdown permissions

    On Sun, 25 Nov 2007 10:20:30 -0500,
    Theodore Heise wrote:
    > On Thu, 22 Nov 2007 11:03:30 +0100,
    > Olive wrote:
    >
    >> ...due to the way unix was implemented it is not easy to
    >> determine if a user has a physical access or not.


    > Okay, maybe I'm missing something, but I'm logged into my server
    > (running Slack 10.2) twice and it seems that "w" pretty readily
    > distinguishes between the two sessions:
    >
    > theo@linus:~$ w
    > 10:11:25 up 41 days, 21:27, 2 users, load average: 0.00, 0.02,
    > 0.00
    > USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
    > theo tty1 - 10:08 3:21 0.05s 0.05s -bash
    > theo pts/0 74-128-169-206.d Fri20 0.00s 0.12s 0.01s w
    >
    > Is there some reason a script couldn't verify it was being called
    > by a user logged in at the console, and then call shutdown if true?


    Seems like this is a way to determine whether or not a user has
    physical access--does nobody care to comment about whether it
    would work?

    --
    Theodore (Ted) Heise Bloomington, IN, USA

  8. Re: Shutdown permissions

    Theodore Heise typed:
    > On Sun, 25 Nov 2007 10:20:30 -0500,
    > Theodore Heise wrote:
    >> theo@linus:~$ w
    >> 10:11:25 up 41 days, 21:27, 2 users, load average: 0.00, 0.02,
    >> 0.00
    >> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
    >> theo tty1 - 10:08 3:21 0.05s 0.05s -bash
    >> theo pts/0 74-128-169-206.d Fri20 0.00s 0.12s 0.01s w
    >>
    >> Is there some reason a script couldn't verify it was being called
    >> by a user logged in at the console, and then call shutdown if true?

    >
    > Seems like this is a way to determine whether or not a user has
    > physical access--does nobody care to comment about whether it
    > would work?


    Whether what would work?

    --
    Ayaz Ahmed Khan

  9. Re: Shutdown permissions

    Theodore Heise wrote:
    >
    > Seems like this is a way to determine whether or not a user has
    > physical access--does nobody care to comment about whether it
    > would work?


    Maybe no one tried? I tested the acpi button shutoff - works like a charm -
    I think it is the way to go for this situation. Most standard users go
    for the power button first thing anyway.

    - Kurt

  10. Re: Shutdown permissions

    Ron Gibson wrote:
    > On Tue, 20 Nov 2007 21:11:22 +0100, Mark South wrote:
    >
    > >> I installed Slackware 12.0 on a PC used on a comercial store. Everything
    > >> is running okay, but i want that a normal user may use the "shutdown -h
    > >> now" in order to shut down the machine. Actually only root may do that,
    > >> so is very annoying to do that everyday. How can i do that ?


    [snip]

    Here's what I do. I change the /etc/inittab file as follows:

    # What to do at the "Three Finger Salute".
    # JHR 060528 I changed this
    #ca::ctrlaltdel:/sbin/shutdown -t5 -r now
    ca::ctrlaltdel:/sbin/shutdown -t5 -h now

    It is an easy change to make (as root), and it is simple to use.
    Remember to shut down and restart before trying it the first time. To
    use exit from X first and use the Three Finger Salut (cntrl+alt+delete)
    at the command line. Your computer will shut down.

    -Joe Rosevear

  11. Re: Shutdown permissions

    Joseph H. Rosevear wrote:
    >
    > It is an easy change to make (as root), and it is simple to use.
    > Remember to shut down and restart before trying it the first time. To


    Better to just "init q" instead of restarting the computer. About the only
    time you need to shut down the system is when you recompile the kernel.

    > use exit from X first and use the Three Finger Salut (cntrl+alt+delete)
    > at the command line. Your computer will shut down.


    I switched to just taking advantage of the button module via acpid.
    It works when X is running, is probably the first thing a user will push
    anyway, and preserves what the traditional ^alt-del is expected to do.

    - Kurt

  12. Re: Shutdown permissions

    On 2007-12-22, ~kurt wrote:
    > Joseph H. Rosevear wrote:
    >>
    >> It is an easy change to make (as root), and it is simple to use.
    >> Remember to shut down and restart before trying it the first time. To

    >
    > Better to just "init q" instead of restarting the computer. About the only
    > time you need to shut down the system is when you recompile the kernel.


    Or "kill -HUP 1"

    >> use exit from X first and use the Three Finger Salut (cntrl+alt+delete)
    >> at the command line. Your computer will shut down.

    >
    > I switched to just taking advantage of the button module via acpid.
    > It works when X is running, is probably the first thing a user will push
    > anyway, and preserves what the traditional ^alt-del is expected to do.


    Who would want an ordinary user to be able to shut down the system like that?

    Shouldn't the 3-Finger-Salute call a script that notified the other users
    that the system was shutting down in N sec/min so they could wrap things up?
    And THEN shutdown?

    How is the ordinary user going to know whether someone is logged in remotely
    or not, for example?

    Tom

    --
    simpleman.s43
    That would be at gee male


  13. Re: Shutdown permissions

    Hallo, ~kurt,

    Du meintest am 22.12.07:

    >> It is an easy change to make (as root), and it is simple to use.
    >> Remember to shut down and restart before trying it the first time.


    > Better to just "init q" instead of restarting the computer. About
    > the only time you need to shut down the system is when you recompile
    > the kernel.


    "That depends!"
    In schools it's a good solution to tell the concierge: "stop the machine
    with Ctrl-alt-del". He has the key for the server room, he has to know
    what to do in case of emergency.

    Ok - the UPS should shut down the machine too. But that can take many
    minutes.

    Viele Gruesse
    Helmut

    "Ubuntu" - an African word, meaning "Slackware is too hard for me".


  14. Re: Shutdown permissions

    On 2007-12-22, Tom N wrote:
    > On 2007-12-22, ~kurt wrote:
    >> Joseph H. Rosevear wrote:
    >>>
    >>> It is an easy change to make (as root), and it is simple to use.
    >>> Remember to shut down and restart before trying it the first time. To

    >>
    >> Better to just "init q" instead of restarting the computer. About the only
    >> time you need to shut down the system is when you recompile the kernel.

    >
    > Or "kill -HUP 1"
    >
    >>> use exit from X first and use the Three Finger Salut (cntrl+alt+delete)
    >>> at the command line. Your computer will shut down.

    >>
    >> I switched to just taking advantage of the button module via acpid.
    >> It works when X is running, is probably the first thing a user will push
    >> anyway, and preserves what the traditional ^alt-del is expected to do.

    >
    > Who would want an ordinary user to be able to shut down the system like that?
    >
    > Shouldn't the 3-Finger-Salute call a script that notified the other users
    > that the system was shutting down in N sec/min so they could wrap things up?
    > And THEN shutdown?
    >
    > How is the ordinary user going to know whether someone is logged in remotely
    > or not, for example?


    So there would need to be an option for another user to override the shutdown...

    Tom

    --
    simpleman.s43
    That would be at gee male


  15. Re: Shutdown permissions

    Tom N wrote:
    > On 2007-12-22, ~kurt wrote:
    >>
    >> I switched to just taking advantage of the button module via acpid.
    >> It works when X is running, is probably the first thing a user will push
    >> anyway, and preserves what the traditional ^alt-del is expected to do.

    >
    > Who would want an ordinary user to be able to shut down the system like that?


    We had actually gotten into a big discussion over this - I think just before
    you started reading this group. There are those who for some reason believe a
    normal user should not be allowed to shut down a system nicely even if they
    have physical access to it (the power button and, even worse, the power cord).
    I can't fathom why anyone would think this way. It makes no sense to me. And
    there are those of us who believe a user should be able to shut down a system
    nicely if they have physical access to it - we understand that user will
    simply turn the computer off if they are not given this option. I think
    pretty much everyone agreed that a normal user should not be allowed to
    shut down a system remotely. The solutions were via sudo (I believe you can
    limit shutdown to only the local user - don't remember), the three finger
    salute (I had brought that one up), and the acpid button module which brings
    the system down.

    > Shouldn't the 3-Finger-Salute call a script that notified the other users
    > that the system was shutting down in N sec/min so they could wrap things up?
    > And THEN shutdown?


    I believe shutdown will do this automatically with the correct parameters -
    no extra script needed. Although, the remote user might not notice it.

    >
    > How is the ordinary user going to know whether someone is logged in remotely
    > or not, for example?


    who
    rusers

    But, will that normal user care? It would be nice if the user shut the
    machine down so there would be some type of warning, but I believe the
    deal now days is that if you are remotely logged into a computer,
    don't assume it isn't going to get shut off out from under you. There
    is nothing that can be down about this when the user has physical access
    to the machine.

    - Kurt

  16. Re: Shutdown permissions

    On 2007-12-22, ~kurt wrote:
    > Tom N wrote:
    >> On 2007-12-22, ~kurt wrote:
    >>>
    >>> I switched to just taking advantage of the button module via acpid.
    >>> It works when X is running, is probably the first thing a user will push
    >>> anyway, and preserves what the traditional ^alt-del is expected to do.

    >>
    >> Who would want an ordinary user to be able to shut down the system like that?

    >
    > We had actually gotten into a big discussion over this - I think just before
    > you started reading this group. There are those who for some reason believe a
    > normal user should not be allowed to shut down a system nicely even if they
    > have physical access to it (the power button and, even worse, the power cord).
    > I can't fathom why anyone would think this way. It makes no sense to me. And
    > there are those of us who believe a user should be able to shut down a system
    > nicely if they have physical access to it - we understand that user will
    > simply turn the computer off if they are not given this option. I think
    > pretty much everyone agreed that a normal user should not be allowed to
    > shut down a system remotely. The solutions were via sudo (I believe you can
    > limit shutdown to only the local user - don't remember), the three finger
    > salute (I had brought that one up),


    I just found the thread. Yours was the most sensible idea, given a strictly
    utilitarian approach. Minimum fuss and muss.

    > and the acpid button module which brings
    > the system down.


    I just discovered that I don't use that app (acpi). Got the modules, but they aren't
    loaded. Nothing in PATH. Nothing from apropos.

    >> Shouldn't the 3-Finger-Salute call a script that notified the other users
    >> that the system was shutting down in N sec/min so they could wrap things up?
    >> And THEN shutdown?

    >
    > I believe shutdown will do this automatically with the correct parameters -
    > no extra script needed.


    True. I just checked the man page.

    > Although, the remote user might not notice it.


    I think you could make a popup xterm that displayed the output. Wouldn't that be
    seen by everyone as long as it went to ttys as text, too?

    >> How is the ordinary user going to know whether someone is logged in remotely
    >> or not, for example?

    >
    > who
    > rusers


    Yet another new utility! "who". I hit tab twice and it says "display all 1190
    possibilities?" Can't see how I'll ever even learn all the names.

    No "what" "why" or "when", though :\

    > But, will that normal user care?


    I don't let anyone use my computer. I might let someone log in as a normal
    user from somewhere, even the next room, but they would never be allowed
    to shut down the system or have access to the power button or cord. This
    room is locked when I'm gone and the house breaker box is here. They'd never
    be given root priveleges. The three-fingered salute would be deactivated.

    > It would be nice if the user shut the
    > machine down so there would be some type of warning, but I believe the
    > deal now days is that if you are remotely logged into a computer,
    > don't assume it isn't going to get shut off out from under you. There
    > is nothing that can be down about this when the user has physical access
    > to the machine.


    True.


    Tom


    --
    simpleman.s43
    That would be at gee male


  17. Re: Shutdown permissions

    On Sat, 22 Dec 2007 10:04:40 +0100, Tom N wrote:

    > Yet another new utility! "who". I hit tab twice and it says "display all 1190
    > possibilities?" Can't see how I'll ever even learn all the names.
    >
    > No "what" "why" or "when", though :\


    There is a "wtf", though, n00b.

    > Tom


    It's "Alan", Tom.


    --
    "Ubuntu" -- an African word, meaning "Slackware is too hard for me".


  18. Re: Shutdown permissions


    Tom N. wrote :

    > Yet another new utility! "who". I hit tab twice and it says "display all 1190
    > possibilities?" Can't see how I'll ever even learn all the names.


    You can use 'man -k' or 'apropos', if you run 'apropos keyword' then all
    man-pages with the "keyword" in the short description will be listed.
    --
    Thomas O.

    This area is designed to become quite warm during normal operation.

  19. Re: Shutdown permissions

    Tom N wrote:
    >> the system down.

    >
    > I just discovered that I don't use that app (acpi). Got the modules, but they aren't
    > loaded. Nothing in PATH. Nothing from apropos.
    >


    I manually loaded the button module in rc.modules - but I believe that was
    unnecessary. It might automatically get loaded when needed. I haven't tested
    that yet. I found it doesn't help out if I lock the system up (I was having
    some issues with DOOM III). I had to resort to using the the "Linux Magic
    System Request" key to nicely shut the system down (kinda like Stop A on
    a Sun system).

    > I think you could make a popup xterm that displayed the output. Wouldn't that be
    > seen by everyone as long as it went to ttys as text, too?


    Not sure. I don't know if root will aways be able to show a X window on a
    remote system if the local computer hasn't been xhost +'ed on the remote one.
    I'm sure a network could be configured for this behaviour though.

    - Kurt

  20. Re: Shutdown permissions

    On 2007-12-22, Thomas Overgaard wrote:
    >
    > Tom N. wrote :
    >
    >> Yet another new utility! "who". I hit tab twice and it says "display all 1190
    >> possibilities?" Can't see how I'll ever even learn all the names.

    >
    > You can use 'man -k' or 'apropos', if you run 'apropos keyword' then all
    > man-pages with the "keyword" in the short description will be listed.


    Thanks, Thomas. I knew about apropos, sort of, but not man -k. Mostly I
    have been using locate | grep 'string', but it's kind of clumsy.

    Just did a type a and it came up empty, so I can alias a to apropos to
    simplify that, can't I?

    Tom


    --
    simpleman.s43
    That would be at gee male


+ Reply to Thread
Page 3 of 4 FirstFirst 1 2 3 4 LastLast