Date:      Thu, 06 Sep 2007 00:37:52 +0100
From:      Alex Zbyslaw <xfb52@dial.pipex.com>
To:        Robin Becker <robin@reportlab.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: temporary su login
Message-ID:  <46DF3DD0.9040506@dial.pipex.com>
In-Reply-To: <46DF058F.9010606@jessikat.plus.net>
References:  <46DECD4F.3050408@chamonix.reportlab.co.uk>	<69951ED3-5B8F-4D00-8920-BFF278C68DE6@gmail.com> <46DF058F.9010606@jessikat.plus.net>

Robin Becker wrote:

> Eric Crist wrote:
> ........
>
>> I'm sure nobody will mention this, so I will.  On most systems that 
>> support ACPI, your colo provider can simply press the power button on 
>> the front of your server.  FreeBSD's kernel will pick up the signal 
>> and shut down cleanly.
>>
>> Once you're moved, they can press the same button to power the system 
>> on.  There is *NO* need to give them login access to the box.  Also, 
>> they could simply call you to have you shut it down.
>
> ......
>
> many good ideas; thanks.
>
> I guess since they ask for an IP-based mechanism that I'll create a 
> special user in the operator group and do the chmod trick on shutdown.

In truth, I thought this was the worst idea of 'em all (sorry to whoever 
posted it...).  Group operator can read all your disks - it was created 
in the days when there really was an operator who did stuff like 
backups.  Put yourself in it by all means, but give that to a stranger?  
Not me...

To add to the solutions, you could create a user in group operator with 
a new ssh key that specifically executed shutdown, since you use ssh 
keys already.  I'd still take it away the moment the box was moved.  Or 
just set their shell to shutdown.  But no general purpose login.

Also, on my system, shutdown already is in group operator, but maybe I 
just did it by hand and forgot.

10 -r-sr-x---  1 root  operator  - 10200 Sep 30  2006 /sbin/shutdown*

--Alex
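
[Added example, not part of the original message.] The "ssh key that specifically executed shutdown" idea above corresponds to an OpenSSH authorized_keys entry with a forced command. The sketch below builds such an entry and audits a key file for lines that are not pinned to it; the forced command string, the key comment "colo-shutdown" and the sample key are assumptions, and the account still needs to be in group operator to execute /sbin/shutdown with the permissions shown in the listing.

```shell
#!/bin/sh
# Added example, not from the original message. Assumed values: the forced
# command below and the constructed (non-functional) sample key at the end.

FORCED_CMD='/sbin/shutdown -p now'

# Build an authorized_keys entry that can only run the forced command.
# $1 = public key line as written by ssh-keygen: "type base64 [comment]".
# "restrict" (OpenSSH 7.2 and later) disables pty allocation, port, agent
# and X11 forwarding and ~/.ssh/rc; "command=" replaces whatever the client
# asks to run, so the key never yields a general purpose login.
restricted_entry() {
    printf 'restrict,command="%s" %s\n' "$FORCED_CMD" "$1"
}

# Audit an authorized_keys file ($1). Prints every key line that is not
# pinned to the forced command and returns non-zero if any is found.
# Deliberately strict: only the exact form restricted_entry emits passes.
audit_keys() {
    bad=0
    while IFS= read -r line; do
        case $line in
            ''|'#'*) continue ;;                       # blank or comment
        esac
        case $line in
            "restrict,command=\"$FORCED_CMD\" "*) ;;   # pinned: accepted
            *) printf 'UNRESTRICTED: %s\n' "$line"; bad=1 ;;
        esac
    done < "$1"
    return "$bad"
}

# Constructed sample key, for illustration only.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyOnly colo-shutdown'
restricted_entry "$SAMPLE_KEY"
```

The printed line is what would go into the temporary account's ~/.ssh/authorized_keys; running audit_keys on that file before handing over the private key confirms no unrestricted key has been left in it.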



