View previous topic :: View next topic |
Author |
Message |
atdsm Tux's lil' helper
Joined: 15 Jun 2003 Posts: 118 Location: Pennsylvania
|
Posted: Mon Dec 22, 2003 3:53 am Post subject: What's the straight answer on user-executed shutdown? SOLVED |
|
|
Help!
I've read probably a dozen forums on how to allow a normal user to use the "shutdown" command, and I haven't got anywhere. A lot of people suggest "sudo," but I'm having a couple problems with it. First, using the root password it I get:
Code: | $ sudo shutdown
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:
#1) Respect the privacy of others.
#2) Think before you type.
Password:
Sorry, try again. |
I also tried to modify the /etc/sudoers file, but in the file there are explicit instructions to use the command visudo. I don't understand visudo, and really don't want to get into all that, so I gave up on sudo and followed the group idea.
So I did the following as root:
Code: |
# groupadd shutdown
# usermod -G shutdown,users steve
# chmod 750 /sbin/shutdown
# chgrp shutdown /sbin/shutdown
# chmod 750 /sbin/halt
# chgrp shutdown /sbin/halt
# chmod 750 /sbin/reboot
# chgrp shutdown /sbin/reboot
# chmod 750 /sbin/poweroff
# chgrp shutdown /sbin/poweroff
|
After that I still got this error:
Code: | $ shutdown
bash: shutdown: command not found
|
So I looked in the forums more and tried linking to the /sbin/* commands like this:
Code: | $ shutdown
bash: /bin/shutdown: Permission denied
|
Checking permissions yields this:
Code: | $ ls -l /sbin/shutdown
-rwxr-x--- 1 root shutdown 18744 Dec 10 11:08 /sbin/shutdown |
And the line in my /etc/group file says this
Code: | shutdown:x:408:steve,root |
Somebody tell me what the heck I still need to do. _________________ There are 10 kinds of people: those who know binary and those who don't.
Last edited by atdsm on Sun Jul 18, 2004 6:37 pm; edited 1 time in total |
|
Back to top |
|
|
snkmoorthy Guru
Joined: 19 Nov 2002 Posts: 376
|
Posted: Mon Dec 22, 2003 4:16 am Post subject: |
|
|
may be you owe to chmod +s /sbin/shutdown, not entirely sure, and I don't want to ruin my uptime |
|
Back to top |
|
|
atdsm Tux's lil' helper
Joined: 15 Jun 2003 Posts: 118 Location: Pennsylvania
|
Posted: Mon Dec 22, 2003 5:00 am Post subject: |
|
|
Well, I did that, and I still have the same error, but now my permissions read:
Code: | steve@sfrank steve $ ls -l /sbin/shutdown
-rwsr-s--- 1 root shutdown 18744 Dec 10 11:08 /sbin/shutdown
| instead of: Code: |
steve@sfrank steve $ ls -l /sbin/shutdown
-rwxr-x--- 1 root shutdown 18744 Dec 10 11:08 /sbin/shutdown
|
So no, it didn't work. Btw, I know that the "x" was for execute, but what does the "s" stand for? And what does it do? _________________ There are 10 kinds of people: those who know binary and those who don't. |
|
Back to top |
|
|
drakonite l33t
Joined: 02 Nov 2002 Posts: 768 Location: Lincoln, NE
|
Posted: Mon Dec 22, 2003 5:46 am Post subject: |
|
|
If you create a file called /etc/shutdown.allow and place the names of the users who are allowed to shut down the computer (one name per line, no spaces), calling shutdown with the -a option will cause the computer to shutdown as long as someone on the allow list is currently logged in to a virtual terminal.
I haven't tried it but it's supposed to work
BTW... I think visudo should be running nano (it does on my system) so it should seem exactly like opening the file with nano. _________________ Shoot Pixels Not People
My GPG/PGP Public key |
|
Back to top |
|
|
Genone Retired Dev
Joined: 14 Mar 2003 Posts: 9538 Location: beyond the rim
|
Posted: Mon Dec 22, 2003 5:53 am Post subject: |
|
|
The group thing probably didn't work because you forgot to re-login (which is needed to update group memberships). The 's' permission depends on the filetype and the party for which it is set, it's either SUID (which is what you want here), SGID or sticky bit. SUID for a file means that the file will always be executed with the rights of it's owner (so whoever calls shutdown, it will always be executed with root permissions).
You still get an error because you restricted the usage to the shutdown group, but your user is not part of that group until he logs in again. |
|
Back to top |
|
|
reillyeon n00b
Joined: 26 Mar 2003 Posts: 44 Location: Boston (ish)
|
Posted: Mon Dec 22, 2003 3:03 pm Post subject: |
|
|
In responce to your problems with sudo. Sudo requires you to enter your own password not root's. This is probably your problem. _________________ Linux user #309501 |
|
Back to top |
|
|
BodOrange Tux's lil' helper
Joined: 05 Apr 2003 Posts: 132
|
Posted: Mon Dec 22, 2003 6:02 pm Post subject: |
|
|
I took the easier option and editted how the ctrl-alt-del is handled in /etc/inittab:
Code: | # What to do at the "Three Finger Salute".
ca:12345:ctrlaltdel:/sbin/shutdown -h now |
|
|
Back to top |
|
|
atdsm Tux's lil' helper
Joined: 15 Jun 2003 Posts: 118 Location: Pennsylvania
|
Posted: Mon Dec 22, 2003 10:46 pm Post subject: |
|
|
Hmm... Ok, I tried two things. First, I made a file called shutdown.allow in /etc (as suggested) and put in two lines:
This (I assume) is to allow steve and root to use shutdown? Is that syntax right? I also logged completely out and back in. Now I get a new error:
Code: |
$ shutdown -a
shutdown: you must be root to do that!
|
This is from /etc/group:
Code: |
shutdown:x:408:steve,root
|
What happened so that my error message changed? _________________ There are 10 kinds of people: those who know binary and those who don't. |
|
Back to top |
|
|
atdsm Tux's lil' helper
Joined: 15 Jun 2003 Posts: 118 Location: Pennsylvania
|
Posted: Mon Dec 22, 2003 11:05 pm Post subject: |
|
|
Ok, I got it working. I forgot that after doing the chmod +s /sbin/shutdown and having it not work that I had taken it back off. So a combination of reenabling the chmod +s /sbin/shutdown and logging in again got shutdown working properly. Now I don't have to log in as root to reboot and test new kernels. That makes me happy.
Thank you all, at a minimum you helped me understand better what the heck I was trying to do.
Steve _________________ There are 10 kinds of people: those who know binary and those who don't. |
|
Back to top |
|
|
atdsm Tux's lil' helper
Joined: 15 Jun 2003 Posts: 118 Location: Pennsylvania
|
Posted: Mon Dec 22, 2003 11:36 pm Post subject: |
|
|
Oh, btw, how do I mark this thread as solved? _________________ There are 10 kinds of people: those who know binary and those who don't. |
|
Back to top |
|
|
jkcunningham l33t
Joined: 28 Apr 2003 Posts: 649 Location: 47.49N 121.79W
|
Posted: Sun Dec 28, 2003 6:11 pm Post subject: |
|
|
I ran across a thread on this subject about a year ago in which Nitro answered the same question with a much simpler solution. I was going to post the link but I can't find it now. Anyway, you don't need to change permissions on anything. All you need to do is edit the /etc/sudoers file and add the following:
[username] [machinename]=PASSWD:/sbin/shutdown -h now, /sbin/halt
Add one of these lines for each user you want to enable to shut the machine down. Do NOT put use the word ALL or you will be giving the user root privileges for other commands besides halt and shutdown.
The way a user shuts down is to issue the following command:
sudo /sbin/halt
He will be prompted for (his) password and then it will shutdown. If you don't want him to have to be prompted for his password, change the 'PASSWD' to 'NOPASSWD'. That's all there is to it.
-Jeff |
|
Back to top |
|
|
10drill Tux's lil' helper
Joined: 27 May 2004 Posts: 104 Location: 0{here}1
|
Posted: Sun Jul 18, 2004 3:06 am Post subject: |
|
|
The solution jkcunningham offers works perfectly for me, and can be refined a tiny bit more to make things even faster. To let a normal user shutdown or reboot as quickly as possible use the following in /etc/sudoers:
Code: | [username] [machinename]=NOPASSWD:/sbin/shutdown -h now, /sbin/halt, /sbin/reboot |
Of course take note of the NOPASSWD security risk. Then in your ~/.bashrc enter the following:
Code: | alias halt="sudo /sbin/halt"
alias reboot="sudo /sbin/reboot" |
Logout, and then login and try halt or reboot. |
|
Back to top |
|
|
|