What's the straight answer on user-executed shutdown? SOLVED

[atdsm]

Help!

I've read probably a dozen forums on how to allow a normal user to use the "shutdown" command, and I haven't got anywhere. A lot of people suggest "sudo," but I'm having a couple problems with it. First, using the root password it I get:

[snkmoorthy]

may be you owe to chmod +s /sbin/shutdown, not entirely sure, and I don't want to ruin my uptime

[atdsm]

Well, I did that, and I still have the same error, but now my permissions read:

[drakonite]

If you create a file called /etc/shutdown.allow and place the names of the users who are allowed to shut down the computer (one name per line, no spaces), calling shutdown with the -a option will cause the computer to shutdown as long as someone on the allow list is currently logged in to a virtual terminal.

I haven't tried it but it's supposed to work

BTW... I think visudo should be running nano (it does on my system) so it should seem exactly like opening the file with nano.
_________________
Shoot Pixels Not People

My GPG/PGP Public key

[Genone]

The group thing probably didn't work because you forgot to re-login (which is needed to update group memberships). The 's' permission depends on the filetype and the party for which it is set, it's either SUID (which is what you want here), SGID or sticky bit. SUID for a file means that the file will always be executed with the rights of it's owner (so whoever calls shutdown, it will always be executed with root permissions).
You still get an error because you restricted the usage to the shutdown group, but your user is not part of that group until he logs in again.

[reillyeon]

In responce to your problems with sudo. Sudo requires you to enter your own password not root's. This is probably your problem.
_________________
Linux user #309501

[BodOrange]

I took the easier option and editted how the ctrl-alt-del is handled in /etc/inittab:

[atdsm]

Hmm... Ok, I tried two things. First, I made a file called shutdown.allow in /etc (as suggested) and put in two lines:

[atdsm]

Ok, I got it working. I forgot that after doing the chmod +s /sbin/shutdown and having it not work that I had taken it back off. So a combination of reenabling the chmod +s /sbin/shutdown and logging in again got shutdown working properly. Now I don't have to log in as root to reboot and test new kernels. That makes me happy.

Thank you all, at a minimum you helped me understand better what the heck I was trying to do.

Steve
_________________
There are 10 kinds of people: those who know binary and those who don't.

[atdsm]

Oh, btw, how do I mark this thread as solved?
_________________
There are 10 kinds of people: those who know binary and those who don't.

[jkcunningham]

I ran across a thread on this subject about a year ago in which Nitro answered the same question with a much simpler solution. I was going to post the link but I can't find it now. Anyway, you don't need to change permissions on anything. All you need to do is edit the /etc/sudoers file and add the following:

[username] [machinename]=PASSWD:/sbin/shutdown -h now, /sbin/halt

Add one of these lines for each user you want to enable to shut the machine down. Do NOT put use the word ALL or you will be giving the user root privileges for other commands besides halt and shutdown.
The way a user shuts down is to issue the following command:

sudo /sbin/halt

He will be prompted for (his) password and then it will shutdown. If you don't want him to have to be prompted for his password, change the 'PASSWD' to 'NOPASSWD'. That's all there is to it.

-Jeff

[10drill]

The solution jkcunningham offers works perfectly for me, and can be refined a tiny bit more to make things even faster. To let a normal user shutdown or reboot as quickly as possible use the following in /etc/sudoers: