From: backyard <backyard1454-bsd@yahoo.com>
Date: Mon, 11 Sep 2006 07:39:53 -0700 (PDT)
To: freebsd@orchid.homeunix.org, FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Putting a command/script as a user's shell
In-Reply-To: <450570AA.6050505@orchid.homeunix.org>
Message-ID: <20060911143953.93027.qmail@web83101.mail.mud.yahoo.com>

--- Karol Kwiatkowski wrote:

> Good day everyone,
>
> I'm trying to make it possible to restart (as in 'shutdown -r now') a
> FreeBSD based router from the LAN as easily as possible so it can be
> used by non-technical people.
>
> I'm sure some will ask why I would need that - it's a USB modem
> connecting to an ADSL line that locks up sometimes, and all my attempts
> to make it restart itself have failed.
>
> I came up with this idea:
>
> - add another user to the system, let it be 'restart'
> - add 'restart' to group operator
> - let 'restart' log in through SSH from the LAN with a key (passwords
>   forbidden)
> - put a restart command as its shell (so it automagically restarts
>   the router)
>
> Does that sound reasonable? Security is not an issue, it's "secure
> enough" for me.
>
> OK, now for the technical question. I realise I cannot put arguments to
> the command in the "shell area" in the passwd file, so I wrote a short
> script:
>
> $ cat /home/restart/restart.sh
> #!/bin/sh
> /sbin/shutdown -r now
> $ ls -l /home/restart/restart.sh
> -rwx------ 1 restart restart 33 Sep 11 15:24
>
> put that as restart's user shell:
>
> # grep restart /etc/master.passwd
> restart:*:1017:1017::0:0:restart:/home/restart:/home/restart/restart.sh
>
> and tried locally, but it's not working:
>
> # su - restart
> su: /home/restart/restart.sh: Permission denied
>
> I'm not sure where 'Permission denied' comes from. The setup looks to be
> OK; here's what I get with /usr/bin/id as a shell:
>
> # su - restart
> uid=1017(restart) gid=1017(restart) groups=1017(restart), 5(operator)
>
> I'm sure I'm missing something here. Anyone have some pointers?
>
> Cheers,
>
> Karol
>
> --
> Karol Kwiatkowski dot org>
> OpenPGP: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc

Make the shell script group executable and make it group operator; maybe try making it owned by root. I think what is happening is that it is running under the privileges of restart, not operator, because the operator group cannot execute the command, only the restart user can, due to the privileges. And when restart.sh passes its group privileges to the script callout to shutdown, it fails because shutdown can only run as operator. That would be my guess.

-brian
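The "Permission denied" in the quoted transcript is the EACCES that execve(2) returns when su tries to start the login shell, and the same message covers several distinct causes. The POSIX sh script below is an added example, not code from this thread or from FreeBSD: it checks the causes a script-as-login-shell can trip over, namely the script's own read and execute bits as seen by the user logging in, the search (x) bit on every directory leading to it, the interpreter named on the #! line, and a carriage return at the end of that line. It builds a constructed copy of the restart script in a temporary directory so it runs without root and touches nothing on the real system; to check a real setup, run it as the user whose shell it is (for example under su) and pass the path as the first argument. Note that a shell script used as a login shell runs with exactly that user's uid and groups; membership in operator does not change the exec permission check.

```shell
#!/bin/sh
# Added example (not from the thread): explain why exec of a script used as
# a login shell fails with "Permission denied". Checks are made with the
# credentials of whoever runs this script, so run it as the target user.

# diagnose_shell PATH: print each reason the current user would get EACCES
# when PATH is exec'd as a login shell. Returns 0 when nothing is wrong,
# 1 when at least one problem was found, 2 when PATH is not a regular file.
diagnose_shell() {
    shell=$1
    rc=0

    [ -f "$shell" ] || { echo "missing: $shell is not a regular file"; return 2; }

    # The kernel needs the execute bit to start the #! interpreter, and the
    # interpreter then needs the read bit to load the script text.
    [ -x "$shell" ] || { echo "no-exec: $shell lacks the execute bit for this user"; rc=1; }
    [ -r "$shell" ] || { echo "no-read: $shell lacks the read bit for this user"; rc=1; }

    # A login shell must be an absolute path, and every directory from / down
    # to the script must be searchable; a home directory without the x bit
    # gives EACCES on exec even though the file itself is mode 700.
    case $shell in
        /*) ;;
        *) echo "relative: a login shell must be an absolute path"; rc=1 ;;
    esac
    dir=$(dirname "$shell")
    while [ "$dir" != "/" ] && [ "$dir" != "." ]; do
        [ -x "$dir" ] || { echo "no-search: directory $dir lacks the x bit"; rc=1; }
        dir=$(dirname "$dir")
    done

    # The #! interpreter must itself exist and be executable. A trailing
    # carriage return (DOS line endings) makes the kernel look for an
    # interpreter named "sh<CR>", which does not exist.
    first=$(head -n 1 "$shell" 2>/dev/null || :)
    case $first in
        "#!"*) ;;
        *) echo "no-shebang: first line is not #!/path/to/interpreter"; rc=1 ;;
    esac
    cr=$(printf '\r')
    case $first in
        *"$cr"*) echo "crlf: the #! line ends with a carriage return"; rc=1 ;;
    esac
    interp=$(printf '%s' "$first" | sed -n 's/^#![ ]*\([^ ]*\).*/\1/p' | tr -d '\r')
    if [ -n "$interp" ] && [ ! -x "$interp" ]; then
        echo "bad-interp: $interp is not executable"; rc=1
    fi
    return $rc
}

# make_scenario: constructed copy of the restart script from the thread in a
# fresh temporary directory (mode 700, like the original). Prints its path.
make_scenario() {
    base=$(mktemp -d)
    printf '#!/bin/sh\n/sbin/shutdown -r now\n' > "$base/restart.sh"
    chmod 700 "$base/restart.sh"
    printf '%s\n' "$base/restart.sh"
}

# Usage: sh check_shell.sh /home/restart/restart.sh
# Without an argument the checks run against the constructed copy.
if [ $# -gt 0 ]; then
    diagnose_shell "$1"
else
    diagnose_shell "$(make_scenario)"
fi
```

Each finding is printed as a short tag followed by the offending path, so the output can be read off quickly when the check is run under su as the restricted user.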