Shutdown permissions - Slackware

This is a discussion on Shutdown permissions - Slackware ; Hi I installed Slackware 12.0 on a PC used on a comercial store. Everything is running okay, but i want that a normal user may use the "shutdown -h now" in order to shut down the machine. Actually only root ...

+ Reply to Thread
Page 1 of 4 1 2 3 ... LastLast
Results 1 to 20 of 72

Thread: Shutdown permissions

  1. Shutdown permissions

    Hi

    I installed Slackware 12.0 on a PC used on a comercial store.
    Everything is running okay, but i want that a normal user may use the
    "shutdown -h now" in order to shut down the machine. Actually only
    root may do that, so is very annoying to do that everyday. How can i
    do that ?


    Sorry for my bad english.

    Thanks in advance.

    Timoteo

  2. Re: Shutdown permissions

    On Tue, 20 Nov 2007 12:04:38 -0800, Timoteo wrote:

    > I installed Slackware 12.0 on a PC used on a comercial store.
    > Everything is running okay, but i want that a normal user may use the
    > "shutdown -h now" in order to shut down the machine. Actually only
    > root may do that, so is very annoying to do that everyday. How can i
    > do that ?


    Depends on how you have X set up. If you are using KDE, then it's in the
    kdm settings, Gnome or XFCE it's in the gdm settings.

    If you aren't using either of those, you might try installing slim, which
    allows similar capability through its configuration file.

  3. Re: Shutdown permissions

    Timoteo wrote:
    > Hi
    >
    > I installed Slackware 12.0 on a PC used on a comercial store.
    > Everything is running okay, but i want that a normal user may use the
    > "shutdown -h now" in order to shut down the machine. Actually only
    > root may do that, so is very annoying to do that everyday. How can i
    > do that ?


    If you want anyone to be allowed to call shutdown, simply give shutdown
    the suid:

    chmod u+s /sbin/shutdown

    (and ensure that this command is on the $PATH of the user; by example by
    putting a link in /usr/bin:

    ln -s /sbin/shutdown /usr/bin/shutdown).

    Olive

  4. Re: Shutdown permissions

    > Hi
    >
    > I installed Slackware 12.0 on a PC used on a comercial store.
    > Everything is running okay, but i want that a normal user may use the
    > "shutdown -h now" in order to shut down the machine. Actually only
    > root may do that, so is very annoying to do that everyday. How can i
    > do that ?
    >
    >
    > Sorry for my bad english.
    >
    > Thanks in advance.
    >
    > Timoteo


    Hi,

    to allow a limited number of users to shutdown the machine you can also
    install "sudo" and append the respective username/command to the
    configuration file.

    Sebastian

  5. Re: Shutdown permissions


    > Hi,
    >
    > to allow a limited number of users to shutdown the machine you can also
    > install "sudo" and append the respective username/command to the
    > configuration file.


    Can't see the reason for limiting who can shutdown a machine that people
    have physical access to - it just prevents people doing it the nice way.
    Only allowing root permission to shutdown does not stop the plug coming out
    the wall.

    Pete

    --
    http://www.petezilla.co.uk

  6. Re: Shutdown permissions

    Peter Chant wrote:
    >
    > Can't see the reason for limiting who can shutdown a machine that people
    > have physical access to - it just prevents people doing it the nice way.
    > Only allowing root permission to shutdown does not stop the plug coming out
    > the wall.


    I'm sure arguments could me made saying sudo is less of a potential security
    risk than suid. I would probably consider changing inittab so the "Three
    Finger Salute" shuts the computer down instead of rebooting it. This way,
    you don't have to worry about someone telnet'ing into a machine and
    rebooting it. I've gotta believe sudo allows for one to make this limitation,
    but I'm not sure.

    I agree it is stupid to not allow users to nicely shutdown a computer they
    have access to. I never understood that.

    - Kurt

  7. Re: Shutdown permissions

    Peter Chant (REMpeteOVE@CAPpetezilla.ITALSco.uk) writes:
    >> Hi,
    >>
    >> to allow a limited number of users to shutdown the machine you can also
    >> install "sudo" and append the respective username/command to the
    >> configuration file.

    >
    > Can't see the reason for limiting who can shutdown a machine that people
    > have physical access to - it just prevents people doing it the nice way.
    > Only allowing root permission to shutdown does not stop the plug coming out
    > the wall.
    >

    And it's precisely "the nice way" that you want people to do it.

    Unix was a multi-user system either from the beginning, or shortly
    after. Linux emulates that. And a multi-user system doesn't want
    anyone to be able to shut it down at nearly random. Just because user
    A decides they want to turn off the computer doesn't mean user B wants
    it. It's bad enough on a single user system where you turn it off
    and then remember you needed to do one more thing, you don't want
    someone else deciding that it's time to turn off the computer.

    root/the system administrator isn't going to turn it off and some
    random time. They will generally turn it off at a well controlled time
    (to concide with minimal use) or at a well-announced time (so people
    know they can't count on the system's availability at that time). If
    it's random, at least it's going to be based on some sudden need, like
    the hard drive has just gone and a replacement is vital.

    Everything about Linux is designed with the expectation that there
    will be more than one user. That's why you either need to be root
    to do things or you have to adjust things. And even when you are
    the only user, making certain things only run as root gives an
    extra edge of security (assuming you don't routinely run as root),
    so any of those things you have to deliberately get root privilege
    for gives you a level of second guessing, the same way rm can be
    prompted to ask if you really want to delete something. It doesn't
    make things completely safe, it just adds a level of safety.

    That said, if you're running as a single user, you can adapt things
    so you don't have to be root. If you're the only user, there isn't
    that much reason to not be able to shut down things as a user, but
    at least you will have to adjust things so it happens because you
    deliberately change things, rather than by default.

    IN a single user system, you can give yourself an awful lot of
    power, because you don't have to worry about other uses. Yet you
    can still leave some things for root privilege, which is still
    safer than running as root.

    Michael


  8. Re: Shutdown permissions

    ~kurt wrote:
    >

    .... snip ...
    >
    > I agree it is stupid to not allow users to nicely shutdown a
    > computer they have access to. I never understood that.


    No it isn't. There may be other users of all sorts, including
    remote. It is up to the sysop to shut down, not the
    non-priviledged user.

    --
    Chuck F (cbfalconer at maineline dot net)

    Try the download section.


    --
    Posted via a free Usenet account from http://www.teranews.com


  9. Re: Shutdown permissions

    Michael Black wrote:
    >
    > Unix was a multi-user system either from the beginning, or shortly
    > after. Linux emulates that. And a multi-user system doesn't want
    > anyone to be able to shut it down at nearly random. Just because user
    > A decides they want to turn off the computer doesn't mean user B wants


    What does this have to do with a user being able to turn off a computer
    by pushing the power switch? There needs to be an easy way for the user
    to shut the system down nicely whenever the user wants to, or else the user
    will do it the really quick way....

    - Kurt

  10. Re: Shutdown permissions

    On Tue, 20 Nov 2007 23:23:35 +0000
    Peter Chant wrote:

    >
    > > Hi,
    > >
    > > to allow a limited number of users to shutdown the machine you can
    > > also install "sudo" and append the respective username/command to
    > > the configuration file.

    >
    > Can't see the reason for limiting who can shutdown a machine that
    > people have physical access to - it just prevents people doing it the
    > nice way. Only allowing root permission to shutdown does not stop the
    > plug coming out the wall.
    >
    > Pete
    >


    On my home server there is only one unprivileged user account which can
    shutdown the system. When I configured the system I decided to use sudo
    because it seemed to be the easiest for me.

    The idea behind it is that nobody can turn off the computer when I'm
    doing administrative tasks remotely. I think if you can be sure that no
    one will ever log in remotely or access any network services you can
    pass on sudo.

    I don't think that someone will pull the plug to turn off the machine.

    Sebastian

  11. Re: Shutdown permissions

    Sebastian Fedrau wrote:

    > I don't think that someone will pull the plug to turn off the machine.


    Done it repeatedly with people who've left windows machines running with a
    password protected screensaver. What else do you do at the end of the day
    if you are not supposed to leave them running and their users show no sign
    of returning? Windows or linux makes no difference for this discussion.

    --
    http://www.petezilla.co.uk

  12. Re: Shutdown permissions

    On 11/21/07 09:37, Peter Chant wrote:

    >
    > Done it repeatedly with people who've left windows machines running with a
    > password protected screensaver. What else do you do at the end of the day
    > if you are not supposed to leave them running and their users show no sign
    > of returning? Windows or linux makes no difference for this discussion.
    >


    You can configure acpi to shutdown the machine nicely by just hitting
    the power button. Slackware 11.0 powers off my machine after I
    enabled acpid daemon.

    Ciao
    Giovanni
    --
    A computer is like an air conditioner,
    it stops working when you open Windows.
    Registered Linux user #337974 < http://giovanni.homelinux.net/ >

  13. Re: Shutdown permissions

    Timoteo wrote:
    > Everything is running okay, but i want that a normal user may use the
    > "shutdown -h now" in order to shut down the machine. Actually only
    > root may do that, so is very annoying to do that everyday. How can i
    > do that ?




    If you're running KDE, here's what you can do:

    As root, edit /etc/inittab file and change the line:

    "id:3:initdefault:"

    to:

    "id:4initdefault:"


    After saving the file and rebooting the machine, users will be prompted with an
    X-Windows GUI login screen instead of the usual console login prompt.

    And in KDE, if you select "Log Out", every user will see the following prompts:

    1) End current session
    2) Turn off computer
    3) Restart computer


    I'm not sure how this will work if KDE is NOT installed and initdefault
    is set to 4, but you can try it and find out.


    HTH,

    -- anthony
    --
    http://www.whuddafug.com


  14. Re: Shutdown permissions


    > I agree it is stupid to not allow users to nicely shutdown a computer they
    > have access to. I never understood that.


    It is in general not easy to determine if a user has a physical access
    to the machine or not (in case of a remote login via, for example ssh,
    the user has no physical access and shutdown should be disallowed). I
    know that some distributions use pam to allow user logged in locally to
    be able to shutdown; but PV (the maintener of Slackware) think of pam as
    being insecure and does not include it in Slackware.

    Olive

  15. Re: Shutdown permissions

    On Wed, 21 Nov 2007 15:29:25 +0100, Olive wrote:

    >> I agree it is stupid to not allow users to nicely shutdown a computer they
    >> have access to. I never understood that.

    >
    > It is in general not easy to determine if a user has a physical access
    > to the machine or not (in case of a remote login via, for example ssh,
    > the user has no physical access and shutdown should be disallowed). I
    > know that some distributions use pam to allow user logged in locally to
    > be able to shutdown; but PV (the maintener of Slackware) think of pam as
    > being insecure and does not include it in Slackware.


    Hence my suggestion to use slim for the purpose, one needs to be sitting
    at the console to shut the machine down.

  16. Re: Shutdown permissions

    On Tue, 20 Nov 2007 21:11:22 +0100, Mark South wrote:

    >> I installed Slackware 12.0 on a PC used on a comercial store. Everything
    >> is running okay, but i want that a normal user may use the "shutdown -h
    >> now" in order to shut down the machine. Actually only root may do that,
    >> so is very annoying to do that everyday. How can i do that ?


    > Depends on how you have X set up. If you are using KDE, then it's in the
    > kdm settings, Gnome or XFCE it's in the gdm settings.


    > If you aren't using either of those, you might try installing slim,
    > which allows similar capability through its configuration file.


    Just set the sticky bit:

    If you want the user to have the ability to shutdown or reboot you have
    to change file permissions for the halt command. Reboot is a symlink to
    halt, so that doesn't need to be changed. Type as root:

    chmod +s /sbin/halt

    ========================

    Other options...

    ========================

    Another option is to do this using sudo. First install sudo:

    # pacman -Sy sudo

    Then, as root, add the following to the end of /etc/sudoers using the
    visudo command. Substitute user for your username and hostname for the
    machines hostname.

    user hostname = NOPASSWD: /sbin/shutdown -h now
    user hostname = NOPASSWD: /sbin/reboot

    Now your user can shutdown with sudo shutdown -h now, and reboot with
    reboot.

    A third option, under Gnome is to perform the following commands:

    su
    your password
    chmod +s /sbin/halt
    cd /var/run
    mkdir console
    cd console
    touch username

    This adds the "reboot" and "halt" options to Gnome's logout menu for the
    user defined.

    A fourth option, under XFCE is to install sudo. Then add the following
    line to /etc/sudoers using the visudo -f command. Substitute user for
    your username and hostname for the machine's hostname.

    user hostname = NOPASSWD: /opt/xfce4/libexec/xfsm-shutdown-helper

    This activates the "reboot" and "turn off" options to XFCE's
    session-manager logout dialog for the user defined.

    Retrieved from
    "http://wiki.archlinux.org/index.php/Allow_users_to_shutdown"


    --
    Email - rsgibson@verizon.borg
    Replace borg with net


  17. Re: Shutdown permissions

    On Wed, 21 Nov 2007 16:17:29 +0000, Ron Gibson wrote:

    >> If you aren't using either of those, you might try installing slim,
    >> which allows similar capability through its configuration file.


    > Just set the sticky bit:


    Whoops - Called it the wrong bit - Should be...

    set user or group ID on execution (s)

    > If you want the user to have the ability to shutdown or reboot you have to
    > change file permissions for the halt command. Reboot is a symlink to halt,
    > so that doesn't need to be changed. Type as root:
    >
    > chmod +s /sbin/halt



    --
    Email - rsgibson@verizon.borg
    Replace borg with net


  18. Re: Shutdown permissions

    On Wed, 21 Nov 2007 08:37:33 +0000
    Peter Chant wrote:

    > Sebastian Fedrau wrote:
    >
    > > I don't think that someone will pull the plug to turn off the
    > > machine.

    >
    > Done it repeatedly with people who've left windows machines running
    > with a password protected screensaver. What else do you do at the
    > end of the day if you are not supposed to leave them running and
    > their users show no sign of returning? Windows or linux makes no
    > difference for this discussion.
    >


    Sorry, but I don't think that you can compare a running linux machine
    to a windows computer with a password protected screensaver. I would
    never think that someone forgot to turn off the computer when I see a
    running linux system.


    Sebastian

  19. Re: Shutdown permissions

    Giovanni wrote:

    > You can configure acpi to shutdown the machine nicely by just hitting
    > the power button. Slackware 11.0 powers off my machine after I
    > enabled acpid daemon.


    Neat. Never really looked into this, but neat. Think I saw an HP
    workstation do this years back.

    Pete
    --
    http://www.petezilla.co.uk

  20. Re: Shutdown permissions

    Peter Chant wrote:

    > Giovanni wrote:
    >
    >> You can configure acpi to shutdown the machine nicely by just hitting
    >> the power button. Slackware 11.0 powers off my machine after I
    >> enabled acpid daemon.

    >
    > Neat. Never really looked into this, but neat. Think I saw an HP
    > workstation do this years back.


    OK, rudely following up myself. Looks like I need a small edit
    in /etc/acpi/events/default and I'm sorted. If you don't see any posts for
    a few days its because it didn't work and I hosed my system without
    shutting it down properly!

    Pete


    --
    http://www.petezilla.co.uk

+ Reply to Thread
Page 1 of 4 1 2 3 ... LastLast