Date: Tue, 30 May 2000 12:22:13 -0500 From: David McNett <dmcnett@hfdirect.com> To: Nathan Vidican <webmaster@wmptl.com> Cc: Nils Holland <nils@nightcastleproductions.org>, questions@freebsd.org Subject: Re: Letting normal users halt the system Message-ID: <20000530122213.A5568@avatar.hfdirect.com> In-Reply-To: <3933F56E.82B51937@wmptl.com>; from webmaster@wmptl.com on Tue, May 30, 2000 at 01:07:58PM -0400 References: <Pine.BSF.4.21.0005301857570.297-100000@tempest.ncptiddische.net> <3933F56E.82B51937@wmptl.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 30-May-2000, Nathan Vidican wrote: > Alternately then, you could create a new group, (eg shutusers), and > re-chown /sbin/shutdown to root:shutusers, then chmod 750. Note that > while placing them in the operator group allows them to run the > shutdown, it does not allow them to explicitly use 'reboot' or 'halt', > but rather 'shutdown -h now' and 'shutdown -r now'. I'd recommend that the original poster look into implementing sudo, which is a package designed for just this type of activity. Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. With it, you can allow specific users or groups (as in the "shutusers" example Nathan suggested) access to specific actions or commands. An extra benefit of using sudo is that you will get logging of who ran the shutdown, and when. sudo is, of course, in ports. /usr/ports/security/sudo/ More info at http://www.courtesan.com/sudo/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000530122213.A5568>