Date:      Fri, 7 Sep 2007 12:46:45 -0400
From:      Jerry McAllister <jerrymc@msu.edu>
To:        "gs_stoller@juno.com" <gs_stoller@juno.com>
Cc:        robin@reportlab.com, hakmi@rogers.com, freebsd-questions@freebsd.org
Subject:   Re: temporary su login
Message-ID:  <20070907164645.GE41464@gizmo.acns.msu.edu>
In-Reply-To: <20070907.024333.14087.0@webmail04.dca.untd.com>
References:  <20070907.024333.14087.0@webmail04.dca.untd.com>

On Fri, Sep 07, 2007 at 06:43:33AM +0000, gs_stoller@juno.com wrote:

> Tamouh wrote:
> >> Robin Becker wrote:
> >> > My collocation supplier is about to move our FreeBSD box and wants 
> >> > some way to shut it down cleanly. Is there a simple way to allow a 
> >> > non-root user to have shutdown rights without just giving them the 
> >> > world. At present I don't even allow login via ssh on that box ie it's
> >> > purely key based.
> >> 	What I would do is develop a script (owned by  root ) 
> >> and callable by everybody which then checks the  user-id  of 
> >> its caller, and if it is an acceptable one, the script will 
> >> issue a warning (to wall) and then shutdown the system.
> >> 
> >
> > why not ask them to do CTRL+ALT+DEL which will reboot the server cleanly and once it hit 
> > does the initial reset, turn it off.
> 
> 	Yes, CTRL+ALT+DEL will reboot the server cleanly,
> but it does not shutdown the previous session nicely, it shuts it
> down catastrophically, and it can be done by anyone with access
> to the system keyboard.  Robin asked for a way to allow one specific
>  non-root user  to be able to shutdown the system.

Actually it will do a clean shutdown if your hardware supports it.

But, assuming this is not available, then check out 'sudo'. 
It is in the ports.   With it you can create a command that can
only be run by one id.  You do not have to give that id root
privilege or the ability to run any other command.   In fact,
by manipulating the user's shell, you can create a login account 
that can only run that command and then go away/logout.    The sudo 
utility starts up when the command you created is executed.  It 
checks the user id it is running under and if you want, it can ask 
for further authentication.  If the command that the user is 
attempting to run is acceptable, then it will execute that command 
for the user.    In the sudo configuration file you can create a 
list of system commands a particular id is allowed to run.  

But watch and see if your CTRL-ALT-DEL causes a regular shutdown
or crashes it down.

////jerry
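
[Added example, not part of the original message or of the sudo project: a
sudoers fragment for the single-command setup described above. The account
name "colo", the alias name and the wrapper path are hypothetical; the file
locations assume sudo installed from ports under /usr/local.]

```sudoers
# /usr/local/etc/sudoers fragment (edit with visudo so syntax is checked).
# "colo" is a hypothetical unprivileged account for the colocation staff.

# Too broad: this hands the account every command as any user.
# colo    ALL = (ALL) ALL

# Narrow: one command, with its exact arguments, run as root only.
# Listing the arguments means sudo refuses any other shutdown invocation
# (different flags, a different time, an added message).
Cmnd_Alias CLEAN_SHUTDOWN = /sbin/shutdown -p now

# Default behaviour: sudo asks for colo's own password before running it.
colo    ALL = (root) CLEAN_SHUTDOWN

# If the account is key-only and has no password to type, use this line
# instead of the one above. The command list stays exactly as narrow.
# colo    ALL = (root) NOPASSWD: CLEAN_SHUTDOWN

# Optional: make the login itself do nothing but the shutdown.
# Create a root-owned wrapper that colo cannot modify, for example
# /usr/local/sbin/shutdown-only (hypothetical path), mode 0555, containing:
#
#     #!/bin/sh
#     exec /usr/local/bin/sudo /sbin/shutdown -p now
#
# and set it as the account's shell:
#
#     pw usermod colo -s /usr/local/sbin/shutdown-only
#
# Logging in then runs the wrapper and the session ends; there is no
# interactive shell from which anything else could be attempted.
```

Running "sudo -l -U colo" as root lists what the account is allowed to run, which should show only the shutdown command.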
