From owner-freebsd-questions@FreeBSD.ORG Fri Sep 7 06:44:49 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6549A16A417 for ; Fri, 7 Sep 2007 06:44:49 +0000 (UTC) (envelope-from gs_stoller@juno.com) Received: from outbound-mail.dca.untd.com (outbound-mail.dca.untd.com [64.136.47.15]) by mx1.freebsd.org (Postfix) with SMTP id 0195F13C4A5 for ; Fri, 7 Sep 2007 06:44:48 +0000 (UTC) (envelope-from gs_stoller@juno.com) Received: from webmail04.dca.untd.com (webmail04.dca.untd.com [10.171.12.144]) by smtpout06.dca.untd.com with SMTP id AABDQB637A3U377J for (sender ); Thu, 6 Sep 2007 23:44:13 -0700 (PDT) X-UNTD-OriginStamp: /s5f1SIGSI3+WdnoYQ8yROjR373bknCqWSVGrhbvZolyvszwuO8nAQ== Received: (from gs_stoller@juno.com) by webmail04.dca.untd.com (jqueuemail) id MWZ2EZ5Z; Thu, 06 Sep 2007 23:43:51 PDT Received: from [10.171.11.36] by webmail04.dca.untd.com with HTTP: Fri, 7 Sep 2007 06:43:33 GMT X-Originating-IP: [10.171.11.36] Mime-Version: 1.0 From: "gs_stoller@juno.com" Date: Fri, 7 Sep 2007 06:43:33 GMT To: hakmi@rogers.com X-Mailer: Webmail Version 4.0 Message-Id: <20070907.024333.14087.0@webmail04.dca.untd.com> Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Content-Type: text/plain; charset=us-ascii X-ContentStamp: 8:4:2593747742 X-UNTD-Peer-Info: 10.171.12.144|webmail04.dca.untd.com|webmail04.dca.untd.com|gs_stoller@juno.com Cc: robin@reportlab.com, freebsd-questions@freebsd.org Subject: RE: temporary su login X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Sep 2007 06:44:49 -0000 Tamouh wrote: >> Robin Becker wrote: >> > My collocation supplier is about to move our FreeBSD box and wants = = >> > some way to shut it down cleanly. Is there a simple way to allow a = = >> > non-root user to have shutdown rights without just giving them the = = >> > world. At present I don't even allow login via ssh on that = >> box ie it's = >> > purely key based. >> What I would do is develop a script (owned by root ) = >> and callable by everybody which then checks the user-id of = >> its caller, and if it is an acceptable one, the script will = >> issue a warning (to wall) and then shutdown the system. >> = > > why not ask them to do CTRL+ALT+DEL which will reboot the server clean= ly and once it hit = > does the intial reset, turn it off. Yes, CTRL+ALT+DEL will reboot the server cleanly, but it does not shutdown the previous session nicely, it shuts it down catastrophically, and it can be done by anyone with access to the system keyboard. Robin asked for a way to allow one specific non-root user to be able to shutdown the system.