Shutdown permissions - Slackware
Shutdown permissions
Hi
I installed Slackware 12.0 on a PC used in a commercial store.
Everything is running okay, but I want that a normal user may use the
"shutdown -h now" in order to shut down the machine. Actually only
root may do that, so it is very annoying to do that every day. How can I
do that?
Sorry for my bad English.
Thanks in advance.
Timoteo
-
Re: Shutdown permissions
On Tue, 20 Nov 2007 12:04:38 -0800, Timoteo wrote:
> I installed Slackware 12.0 on a PC used in a commercial store.
> Everything is running okay, but I want that a normal user may use the
> "shutdown -h now" in order to shut down the machine. Actually only
> root may do that, so it is very annoying to do that every day. How can I
> do that?
Depends on how you have X set up. If you are using KDE, then it's in the
kdm settings, Gnome or XFCE it's in the gdm settings.
If you aren't using either of those, you might try installing slim, which
allows similar capability through its configuration file.
-
Re: Shutdown permissions
Timoteo wrote:
> Hi
>
> I installed Slackware 12.0 on a PC used in a commercial store.
> Everything is running okay, but I want that a normal user may use the
> "shutdown -h now" in order to shut down the machine. Actually only
> root may do that, so it is very annoying to do that every day. How can I
> do that?
If you want anyone to be allowed to call shutdown, simply give shutdown
the suid:
chmod u+s /sbin/shutdown
(and ensure that this command is on the $PATH of the user; for example by
putting a link in /usr/bin:
ln -s /sbin/shutdown /usr/bin/shutdown).
Olive
-
Re: Shutdown permissions
> Hi
>
> I installed Slackware 12.0 on a PC used in a commercial store.
> Everything is running okay, but I want that a normal user may use the
> "shutdown -h now" in order to shut down the machine. Actually only
> root may do that, so it is very annoying to do that every day. How can I
> do that?
>
>
> Sorry for my bad English.
>
> Thanks in advance.
>
> Timoteo
Hi,
to allow a limited number of users to shutdown the machine you can also
install "sudo" and append the respective username/command to the
configuration file.
Sebastian
-
Re: Shutdown permissions
> Hi,
>
> to allow a limited number of users to shutdown the machine you can also
> install "sudo" and append the respective username/command to the
> configuration file.
Can't see the reason for limiting who can shutdown a machine that people
have physical access to - it just prevents people doing it the nice way.
Only allowing root permission to shutdown does not stop the plug coming out
the wall.
Pete
--
http://www.petezilla.co.uk
-
Re: Shutdown permissions
Peter Chant wrote:
>
> Can't see the reason for limiting who can shutdown a machine that people
> have physical access to - it just prevents people doing it the nice way.
> Only allowing root permission to shutdown does not stop the plug coming out
> the wall.
I'm sure arguments could be made saying sudo is less of a potential security
risk than suid. I would probably consider changing inittab so the "Three
Finger Salute" shuts the computer down instead of rebooting it. This way,
you don't have to worry about someone telnet'ing into a machine and
rebooting it. I've gotta believe sudo allows for one to make this limitation,
but I'm not sure.
I agree it is stupid to not allow users to nicely shutdown a computer they
have access to. I never understood that.
- Kurt
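
Kurt's inittab idea from the post above, as an added example that is not part of the thread: a function that switches the Ctrl-Alt-Del entry from reboot to halt and adds sysvinit's `-a` check against /etc/shutdown.allow. The sample entry it expects is an assumption about a typical sysvinit inittab, so compare it with the real file first.

```sh
#!/bin/sh
# Added example, not from the thread. The sample entry
# "ca::ctrlaltdel:/sbin/shutdown -t5 -r now" is an assumption about a typical
# sysvinit inittab; check the real file before running this as root.

# harden_ctrlaltdel INITTAB
# Rewrites the single active ctrlaltdel entry so the key combination halts
# (-h) instead of rebooting (-r). The added -a makes sysvinit's shutdown read
# /etc/shutdown.allow and proceed only if root or a user listed there is
# logged in on a virtual console.
harden_ctrlaltdel() {
    file=$1
    pattern='^[^#:]*:[^:]*:ctrlaltdel:'
    # Refuse to guess when the entry is missing, commented out or duplicated.
    n=$(grep -c "$pattern" "$file") || true
    if [ "$n" -ne 1 ]; then
        echo "expected exactly one ctrlaltdel entry in $file, found $n" >&2
        return 1
    fi
    # Keep the original so the change can be reverted.
    cp -p "$file" "$file.bak" || return 1
    sed "/$pattern/s|:ctrlaltdel:.*|:ctrlaltdel:/sbin/shutdown -a -t5 -h now|" \
        "$file.bak" > "$file"
}

# Usage: sh harden_cad.sh /etc/inittab   (then "telinit q" so init rereads it)
if [ "$#" -gt 0 ]; then
    harden_ctrlaltdel "$1"
fi
```

List one login name per line in /etc/shutdown.allow for the accounts that should be able to trigger the halt from the keyboard.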
-
Re: Shutdown permissions
Peter Chant (REMpeteOVE@CAPpetezilla.ITALSco.uk) writes:
>> Hi,
>>
>> to allow a limited number of users to shutdown the machine you can also
>> install "sudo" and append the respective username/command to the
>> configuration file.
>
> Can't see the reason for limiting who can shutdown a machine that people
> have physical access to - it just prevents people doing it the nice way.
> Only allowing root permission to shutdown does not stop the plug coming out
> the wall.
>
And it's precisely "the nice way" that you want people to do it.
Unix was a multi-user system either from the beginning, or shortly
after. Linux emulates that. And a multi-user system doesn't want
anyone to be able to shut it down at nearly random. Just because user
A decides they want to turn off the computer doesn't mean user B wants
it. It's bad enough on a single user system where you turn it off
and then remember you needed to do one more thing, you don't want
someone else deciding that it's time to turn off the computer.
root/the system administrator isn't going to turn it off at some
random time. They will generally turn it off at a well controlled time
(to coincide with minimal use) or at a well-announced time (so people
know they can't count on the system's availability at that time). If
it's random, at least it's going to be based on some sudden need, like
the hard drive has just gone and a replacement is vital.
Everything about Linux is designed with the expectation that there
will be more than one user. That's why you either need to be root
to do things or you have to adjust things. And even when you are
the only user, making certain things only run as root gives an
extra edge of security (assuming you don't routinely run as root),
so any of those things you have to deliberately get root privilege
for gives you a level of second guessing, the same way rm can be
prompted to ask if you really want to delete something. It doesn't
make things completely safe, it just adds a level of safety.
That said, if you're running as a single user, you can adapt things
so you don't have to be root. If you're the only user, there isn't
that much reason to not be able to shut down things as a user, but
at least you will have to adjust things so it happens because you
deliberately change things, rather than by default.
In a single user system, you can give yourself an awful lot of
power, because you don't have to worry about other users. Yet you
can still leave some things for root privilege, which is still
safer than running as root.
Michael
-
Re: Shutdown permissions
~kurt wrote:
>
.... snip ...
>
> I agree it is stupid to not allow users to nicely shutdown a
> computer they have access to. I never understood that.
No it isn't. There may be other users of all sorts, including
remote. It is up to the sysop to shut down, not the
non-privileged user.
--
Chuck F (cbfalconer at maineline dot net)
Try the download section.
-
Re: Shutdown permissions
Michael Black wrote:
>
> Unix was a multi-user system either from the beginning, or shortly
> after. Linux emulates that. And a multi-user system doesn't want
> anyone to be able to shut it down at nearly random. Just because user
> A decides they want to turn off the computer doesn't mean user B wants
What does this have to do with a user being able to turn off a computer
by pushing the power switch? There needs to be an easy way for the user
to shut the system down nicely whenever the user wants to, or else the user
will do it the really quick way....
- Kurt
-
Re: Shutdown permissions
On Tue, 20 Nov 2007 23:23:35 +0000
Peter Chant wrote:
>
> > Hi,
> >
> > to allow a limited number of users to shutdown the machine you can
> > also install "sudo" and append the respective username/command to
> > the configuration file.
>
> Can't see the reason for limiting who can shutdown a machine that
> people have physical access to - it just prevents people doing it the
> nice way. Only allowing root permission to shutdown does not stop the
> plug coming out the wall.
>
> Pete
>
On my home server there is only one unprivileged user account which can
shutdown the system. When I configured the system I decided to use sudo
because it seemed to be the easiest for me.
The idea behind it is that nobody can turn off the computer when I'm
doing administrative tasks remotely. I think if you can be sure that no
one will ever log in remotely or access any network services you can
pass on sudo.
I don't think that someone will pull the plug to turn off the machine.
Sebastian
-
Re: Shutdown permissions
Sebastian Fedrau wrote:
> I don't think that someone will pull the plug to turn off the machine.
Done it repeatedly with people who've left windows machines running with a
password protected screensaver. What else do you do at the end of the day
if you are not supposed to leave them running and their users show no sign
of returning? Windows or linux makes no difference for this discussion.
--
http://www.petezilla.co.uk
-
Re: Shutdown permissions
On 11/21/07 09:37, Peter Chant wrote:
>
> Done it repeatedly with people who've left windows machines running with a
> password protected screensaver. What else do you do at the end of the day
> if you are not supposed to leave them running and their users show no sign
> of returning? Windows or linux makes no difference for this discussion.
>
You can configure acpi to shutdown the machine nicely by just hitting
the power button. Slackware 11.0 powers off my machine after I
enabled acpid daemon.
Ciao
Giovanni
--
A computer is like an air conditioner,
it stops working when you open Windows.
Registered Linux user #337974 < http://giovanni.homelinux.net/ >
-
Re: Shutdown permissions
Timoteo wrote:
> Everything is running okay, but I want that a normal user may use the
> "shutdown -h now" in order to shut down the machine. Actually only
> root may do that, so it is very annoying to do that every day. How can I
> do that?
If you're running KDE, here's what you can do:
As root, edit /etc/inittab file and change the line:
"id:3:initdefault:"
to:
"id:4:initdefault:"
After saving the file and rebooting the machine, users will be prompted with an
X-Windows GUI login screen instead of the usual console login prompt.
And in KDE, if you select "Log Out", every user will see the following prompts:
1) End current session
2) Turn off computer
3) Restart computer
I'm not sure how this will work if KDE is NOT installed and initdefault
is set to 4, but you can try it and find out.
HTH,
-- anthony
--
http://www.whuddafug.com
-
Re: Shutdown permissions
> I agree it is stupid to not allow users to nicely shutdown a computer they
> have access to. I never understood that.
It is in general not easy to determine if a user has a physical access
to the machine or not (in case of a remote login via, for example ssh,
the user has no physical access and shutdown should be disallowed). I
know that some distributions use pam to allow users logged in locally to
be able to shutdown; but PV (the maintainer of Slackware) thinks of pam as
being insecure and does not include it in Slackware.
Olive
-
Re: Shutdown permissions
On Wed, 21 Nov 2007 15:29:25 +0100, Olive wrote:
>> I agree it is stupid to not allow users to nicely shutdown a computer they
>> have access to. I never understood that.
>
> It is in general not easy to determine if a user has a physical access
> to the machine or not (in case of a remote login via, for example ssh,
> the user has no physical access and shutdown should be disallowed). I
> know that some distributions use pam to allow users logged in locally to
> be able to shutdown; but PV (the maintainer of Slackware) thinks of pam as
> being insecure and does not include it in Slackware.
Hence my suggestion to use slim for the purpose, one needs to be sitting
at the console to shut the machine down.
-
Re: Shutdown permissions
On Tue, 20 Nov 2007 21:11:22 +0100, Mark South wrote:
>> I installed Slackware 12.0 on a PC used in a commercial store. Everything
>> is running okay, but I want that a normal user may use the "shutdown -h
>> now" in order to shut down the machine. Actually only root may do that,
>> so it is very annoying to do that every day. How can I do that?
> Depends on how you have X set up. If you are using KDE, then it's in the
> kdm settings, Gnome or XFCE it's in the gdm settings.
> If you aren't using either of those, you might try installing slim,
> which allows similar capability through its configuration file.
Just set the sticky bit:
If you want the user to have the ability to shutdown or reboot you have
to change file permissions for the halt command. Reboot is a symlink to
halt, so that doesn't need to be changed. Type as root:
chmod +s /sbin/halt
========================
Other options...
========================
Another option is to do this using sudo. First install sudo:
# pacman -Sy sudo
Then, as root, add the following to the end of /etc/sudoers using the
visudo command. Substitute user for your username and hostname for the
machine's hostname.
user hostname = NOPASSWD: /sbin/shutdown -h now
user hostname = NOPASSWD: /sbin/reboot
Now your user can shutdown with sudo shutdown -h now, and reboot with
reboot.
A third option, under Gnome is to perform the following commands:
su
your password
chmod +s /sbin/halt
cd /var/run
mkdir console
cd console
touch username
This adds the "reboot" and "halt" options to Gnome's logout menu for the
user defined.
A fourth option, under XFCE is to install sudo. Then add the following
line to /etc/sudoers using the visudo -f command. Substitute user for
your username and hostname for the machine's hostname.
user hostname = NOPASSWD: /opt/xfce4/libexec/xfsm-shutdown-helper
This activates the "reboot" and "turn off" options to XFCE's
session-manager logout dialog for the user defined.
Retrieved from
"http://wiki.archlinux.org/index.php/Allow_users_to_shutdown"
--
Email - rsgibson@verizon.borg
Replace borg with net
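
An audit for the setuid approach in Olive's `chmod u+s /sbin/shutdown` and the `chmod +s /sbin/halt` above, as an added example that is not part of the thread: it reports which shutdown-family binaries carry the setuid or setgid bit, which is what lets every account on the machine run them as root. The list of binary names and the directories passed in are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Reports shutdown-family binaries that
# carry the setuid or setgid bit, the state "chmod u+s" / "chmod +s" leaves
# behind. The binary names checked are an assumption.

# audit_suid_shutdown DIR...
# Prints "<bits> <path>" for each match and returns 1 if anything was found.
# The tests follow symlinks, so a reboot -> halt link is reported together
# with halt itself.
audit_suid_shutdown() {
    found=0
    for dir in "$@"; do
        for name in shutdown halt reboot poweroff; do
            f="$dir/$name"
            [ -f "$f" ] || continue
            bits=""
            if [ -u "$f" ]; then bits="setuid"; fi
            if [ -g "$f" ]; then bits="${bits:+$bits,}setgid"; fi
            if [ -n "$bits" ]; then
                echo "$bits $f"
                found=1
            fi
        done
    done
    return "$found"
}

# Usage: sh audit_suid.sh /sbin /usr/sbin
# To undo a finding as root: chmod u-s,g-s <path>
if [ "$#" -gt 0 ]; then
    audit_suid_shutdown "$@"
fi
```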
-
Re: Shutdown permissions
On Wed, 21 Nov 2007 16:17:29 +0000, Ron Gibson wrote:
>> If you aren't using either of those, you might try installing slim,
>> which allows similar capability through its configuration file.
> Just set the sticky bit:
Whoops - Called it the wrong bit - Should be...
set user or group ID on execution (s)
> If you want the user to have the ability to shutdown or reboot you have to
> change file permissions for the halt command. Reboot is a symlink to halt,
> so that doesn't need to be changed. Type as root:
>
> chmod +s /sbin/halt
--
Email - rsgibson@verizon.borg
Replace borg with net
-
Re: Shutdown permissions
On Wed, 21 Nov 2007 08:37:33 +0000
Peter Chant wrote:
> Sebastian Fedrau wrote:
>
> > I don't think that someone will pull the plug to turn off the
> > machine.
>
> Done it repeatedly with people who've left windows machines running
> with a password protected screensaver. What else do you do at the
> end of the day if you are not supposed to leave them running and
> their users show no sign of returning? Windows or linux makes no
> difference for this discussion.
>
Sorry, but I don't think that you can compare a running linux machine
to a windows computer with a password protected screensaver. I would
never think that someone forgot to turn off the computer when I see a
running linux system.
Sebastian
-
Re: Shutdown permissions
Giovanni wrote:
> You can configure acpi to shutdown the machine nicely by just hitting
> the power button. Slackware 11.0 powers off my machine after I
> enabled acpid daemon.
Neat. Never really looked into this, but neat. Think I saw an HP
workstation do this years back.
Pete
--
http://www.petezilla.co.uk
-
Re: Shutdown permissions
Peter Chant wrote:
> Giovanni wrote:
>
>> You can configure acpi to shutdown the machine nicely by just hitting
>> the power button. Slackware 11.0 powers off my machine after I
>> enabled acpid daemon.
>
> Neat. Never really looked into this, but neat. Think I saw an HP
> workstation do this years back.
OK, rudely following up myself. Looks like I need a small edit
in /etc/acpi/events/default and I'm sorted. If you don't see any posts for
a few days it's because it didn't work and I hosed my system without
shutting it down properly!
Pete
--
http://www.petezilla.co.uk