Date: Mon, 7 Feb 2005 07:27:28 -0500 From: James Alexander Cook <james.cook@utoronto.ca> To: freebsd-questions@freebsd.org Subject: Re: Very general shutdown question Message-ID: <20050207122728.GA25945@angel.falsifian.afraid.org> In-Reply-To: <20050207114922.GJ473@eris.tenfour> References: <200502061646.27199.nedsmailbox2@cox.net> <4206A22E.8080902@gizm0.org> <20050207114922.GJ473@eris.tenfour>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Feb 07, 2005 at 11:49:22AM +0000, Dick Davies wrote: > * Steven <freebsd@gizm0.org> [0203 23:03]: > > Hello Ned, > > > > you can add the user to the operator group. it is possible to run > > shutdown then (but not halt etc). > > Be caneful of that, I think operator has other privileges too > (can read from any disk for starters). > > > > You could also create a shutdown user with a login shell pointing to a > > shutdown script. > > But that won't work if they still don't have permission to run it... > What if you put the shutdown user in the operator group? I don't plan to use this solution, but out of curiousity, are there any security problems with creating a privileged user with a widely known password but a login shell that does something specific, like shutting down the system? - James Cook james.cook@utoronto.ca
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050207122728.GA25945>