From owner-freebsd-questions@FreeBSD.ORG Mon Sep 11 14:20:48 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8A78216A407 for ; Mon, 11 Sep 2006 14:20:48 +0000 (UTC) (envelope-from freebsd@orchid.homeunix.org) Received: from orchid.homeunix.org (atx228.neoplus.adsl.tpnet.pl [83.27.5.228]) by mx1.FreeBSD.org (Postfix) with ESMTP id A3F1343D4C for ; Mon, 11 Sep 2006 14:20:46 +0000 (GMT) (envelope-from freebsd@orchid.homeunix.org) Received: from [192.168.1.66] (blackacidevil.orchid.homeunix.org [192.168.1.66]) (authenticated bits=0) by orchid.homeunix.org (8.13.6/8.13.6) with ESMTP id k8BEKcO7001960 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Mon, 11 Sep 2006 16:20:44 +0200 (CEST) (envelope-from freebsd@orchid.homeunix.org) Message-ID: <450570AA.6050505@orchid.homeunix.org> Date: Mon, 11 Sep 2006 16:20:26 +0200 From: Karol Kwiatkowski User-Agent: Thunderbird 1.5.0.5 (X11/20060731) MIME-Version: 1.0 To: FreeBSD Questions X-Enigmail-Version: 0.94.1.0 OpenPGP: id=06E09309; url=http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------enig4C11F8F96E53391EB62227E7" X-Virus-Scanned: ClamAV 0.88.4/1856/Mon Sep 11 15:51:46 2006 on orchid.homeunix.org X-Virus-Status: Clean Subject: Putting a command/script as a user's shell X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd@orchid.homeunix.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Sep 2006 14:20:48 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig4C11F8F96E53391EB62227E7 Content-Type: text/plain; charset=ISO-8859-2 Content-Transfer-Encoding: quoted-printable Good day everyone, I'm trying to make it possible to restart (as in 'shutdown -r now') a FreeBSD based router from LAN network as easy as possible so it can be used by non-technical people. I'm sure some will ask why would I need that - it's an USB modem connecting to ADSL line that locks up sometimes and all my attempts to make it restart itself have failed. I came up with this idea: - add another user to the system, let it be 'restart' - add 'restart' to group operator - let 'restart' to login through SSH from LAN with a key (passwords forbidden) - put a restart command as it's shell (so it automagically restarts the router) Does that sound reasonably? Security is not an issue, it's "secure enough" for me. OK, now for technical question. I realise I cannot put arguments to the command in the "shell area" in passwd file, so I wrote a short script= : $ cat /home/restart/restart.sh #!/bin/sh /sbin/shutdown -r now $ ls -l /home/restart/restart.sh -rwx------ 1 restart restart 33 Sep 11 15:24 put that as restart's user shell: # grep restart /etc/master.passwd restart:*:1017:1017::0:0:restart:/home/restart:/home/restart/restart.sh and tried locally but it's not working: # su - restart su: /home/restart/restart.sh: Permission denied I'm not sure where 'Permission denied' come from. Setup looks to be OK, here's what I get with /usr/bin/id as a shell: # su - restart uid=3D1017(restart) gid=3D1017(restart) groups=3D1017(restart), 5(operato= r) I'm sure I'm missing something here. Anyone have some pointers? Cheers, Karol --=20 Karol Kwiatkowski OpenPGP: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc --------------enig4C11F8F96E53391EB62227E7 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFBXC1ezeoPAwGIYsRCDSJAJ9DH1VLivC3bYBBzVyxTQyC0l2fhACeI7LE gJX0AieMn+feI+/a8aHgLsk= =2LhJ -----END PGP SIGNATURE----- --------------enig4C11F8F96E53391EB62227E7--