Date:      Mon, 11 Sep 2006 07:39:53 -0700 (PDT)
From:      backyard <backyard1454-bsd@yahoo.com>
To:        freebsd@orchid.homeunix.org, FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Putting a command/script as a user's shell
Message-ID:  <20060911143953.93027.qmail@web83101.mail.mud.yahoo.com>
In-Reply-To: <450570AA.6050505@orchid.homeunix.org>

--- Karol Kwiatkowski <freebsd@orchid.homeunix.org> wrote:

> Good day everyone,
>
> I'm trying to make it possible to restart (as in 'shutdown -r now') a
> FreeBSD based router from LAN network as easy as possible so it can be
> used by non-technical people.
>
> I'm sure some will ask why would I need that - it's a USB modem
> connecting to ADSL line that locks up sometimes and all my attempts to
> make it restart itself have failed.
>
> I came up with this idea:
>
> - add another user to the system, let it be 'restart'
> - add 'restart' to group operator
> - let 'restart' log in through SSH from LAN with a key (passwords
>   forbidden)
> - put a restart command as its shell (so it automagically restarts
>   the router)
>
> Does that sound reasonable? Security is not an issue, it's "secure
> enough" for me.
>
>
> OK, now for technical question. I realise I cannot put arguments to
> the command in the "shell area" in passwd file, so I wrote a short
> script:
> 
> $ cat /home/restart/restart.sh
> #!/bin/sh
> /sbin/shutdown -r now
> $ ls -l /home/restart/restart.sh
> -rwx------  1 restart  restart  33 Sep 11 15:24
> 
> 
> put that as restart's user shell:
> 
> # grep restart /etc/master.passwd
> restart:*:1017:1017::0:0:restart:/home/restart:/home/restart/restart.sh
> 
> 
> and tried locally but it's not working:
> 
> # su - restart
> su: /home/restart/restart.sh: Permission denied
> 
> 
> I'm not sure where 'Permission denied' comes from. Setup looks to be
> OK, here's what I get with /usr/bin/id as a shell:
> 
> # su - restart
> uid=1017(restart) gid=1017(restart) groups=1017(restart), 5(operator)
> 
> 
> I'm sure I'm missing something here. Anyone have some pointers?
> 
> Cheers,
> 
> Karol
> 
> -- 
> Karol Kwiatkowski  <freebsd at orchid dot homeunix dot org>
> OpenPGP: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc
> 
> 

Make the shell script group executable and make it group operator;
maybe try making it owned by root. I think what is happening is it is
running under the privileges of restart, not operator, because the
operator group cannot execute the command; only the restart user can,
due to the privileges. And when restart.sh passes its group privileges
to the script callout to shutdown, it fails because shutdown can only
run as operator. That would be my guess.


-brian
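
An added example, not part of either message above: a POSIX sh function that audits the mode and ownership of a script used as a login shell, as in the `restart` account described in the thread. The function name `audit_shell_entry` and its finding texts are this example's own; it reads only the shell file named in a master.passwd-style line and does not diagnose the "Permission denied" error from the thread.

```shell
#!/bin/sh
# Added example: audit the login-shell field of one master.passwd-style line.
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
audit_shell_entry() {
    line=$1; rc=0
    user=$(printf '%s\n' "$line" | cut -d: -f1)
    uid=$(printf '%s\n' "$line" | cut -d: -f3)
    shell=$(printf '%s\n' "$line" | cut -d: -f10)   # shell is field 10 in master.passwd
    if [ ! -f "$shell" ]; then
        echo "$user: shell '$shell' is missing or not a regular file"; return 1
    fi
    # ls -ldnL: mode string and numeric owner, following symlinks (BSD and GNU ls).
    mode=$(ls -ldnL "$shell" | awk '{print $1}')
    owner=$(ls -ldnL "$shell" | awk '{print $3}')
    if [ "$owner" = "$uid" ]; then
        case $(printf '%s\n' "$mode" | cut -c4) in
            x|s) ;;
            *) echo "$user: owner execute bit is not set ($mode)"; rc=1 ;;
        esac
        # The account could edit the very script that runs at its login.
        case $(printf '%s\n' "$mode" | cut -c3) in
            w) echo "$user: owned and writable by the login account itself ($mode)"; rc=1 ;;
        esac
    else
        case $(printf '%s\n' "$mode" | cut -c10) in
            x|t) ;;
            *) echo "$user: not the owner and no execute bit for others; execution depends on group membership ($mode)"; rc=1 ;;
        esac
    fi
    # Anyone who can write the file controls what runs when the account logs in.
    case $(printf '%s\n' "$mode" | cut -c6,9) in
        *w*) echo "$user: writable by group or others ($mode)"; rc=1 ;;
    esac
    return $rc
}

# Constructed demo: the thread's layout copied into a temp dir owned by whoever runs this.
d=$(mktemp -d); printf '#!/bin/sh\nexit 0\n' > "$d/restart.sh"; chmod 0700 "$d/restart.sh"
audit_shell_entry "restart:*:$(id -u):$(id -g)::0:0:restart:$d:$d/restart.sh" || true
rm -rf "$d"
```

The check covers only the shell file itself; parent directory permissions and mount options are outside what it inspects.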


