| View previous topic :: View next topic |
| Author |
Message |
IvanHoe
l33t
Joined: 05 Oct 2002
Posts: 658
|
 Posted: Wed Oct 09, 2002 5:54 am Post subject: Shutdown & Restart |
 |
|
| What group do I need to add a user to for that user to be able to shutdown or restart without su? |
|
| Back to top |
|
 |
wzzrd
Apprentice
Joined: 18 Jul 2002
Posts: 245
|
| Posted: Wed Oct 09, 2002 6:35 am Post subject: |
|
|
| Better just chmod or chown the shutdown and reboot scripts. That's what made it work for me. |
|
| Back to top |
|
|
Mnemia
Guru
Joined: 17 May 2002
Posts: 476
|
| Posted: Wed Oct 09, 2002 6:41 am Post subject: |
|
|
Actually rather than just using chmod I would use chown to change the group ownership on the scripts and make sure you are a member of that group. You could make a new group or use wheel, etc.
eg chown root.wheel <script>
Then do a chmod 750 on the script and you should be good to go. |
|
| Back to top |
|
|
rac
Bodhisattva
Joined: 30 May 2002
Posts: 6553
Location: Japanifornia
|
| Posted: Wed Oct 09, 2002 6:54 am Post subject: |
|
|
Mnemia, does that really work? I see | Code: | realuid = getuid();
setuid(geteuid());
if (getuid() != 0) {
fprintf(stderr, "shutdown: you must be root to do that!\n");
exit(1);
}
|
...in shutdown.c's main() function. Wouldn't it have to be 4750 root.somegroup, then?
_________________
For every higher wall, there is a taller ladder |
|
| Back to top |
|
|
eivinn
Apprentice
Joined: 10 Jul 2002
Posts: 219
Location: Norway
|
| Posted: Wed Oct 09, 2002 7:16 am Post subject: |
|
|
I have just made a symlink to the real shutdown script in /usr/bin I then chmod'ed the script 4750 and was good to go.
By the way: every user are good to go for a restart. Just press CTRL-ALT-DEL |
|
| Back to top |
|
|
Mnemia
Guru
Joined: 17 May 2002
Posts: 476
|
| Posted: Wed Oct 09, 2002 7:55 am Post subject: |
|
|
Heheh, should've looked more closely. My mistake 
Oh well, I'm glad you got it to work. |
|
| Back to top |
|
|
Yarrick
Bodhisattva
Joined: 05 Jun 2002
Posts: 304
Location: Malmö, Sweden
|
| Posted: Wed Oct 09, 2002 9:28 am Post subject: |
|
|
Yes, CTRL-ALT-DEL is useful. Then just press the powerbutton when it says "Remounting partitions readonly..."  |
|
| Back to top |
|
|
rizzo
Retired Dev
Joined: 30 Apr 2002
Posts: 1067
Location: Manitowoc, WI, USA
|
| Posted: Wed Oct 09, 2002 12:56 pm Post subject: |
|
|
| eivinn wrote: | | every user are good to go for a restart. Just press CTRL-ALT-DEL |
That is only from console, meaning you'd have to physically be AT the computer. Obviously if you are ssh'ed in and did ctrl-alt-del there's a chance it would restart your client machine.
Just stating what is hopefully the obvious. |
|
| Back to top |
|
|
Hephaistos
n00b
Joined: 14 Oct 2002
Posts: 8
|
| Posted: Wed Oct 16, 2002 10:05 pm Post subject: |
|
|
How can that work?
What if I copy a shutdown script an a Floppy and go to an other Computer. Copy it into my home dir as a normal user and start that script. Does the computer go down? |
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20588
|
| Posted: Wed Oct 16, 2002 10:18 pm Post subject: |
|
|
Only if you have permission to chmod 4750 (4 being the key)
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
rac
Bodhisattva
Joined: 30 May 2002
Posts: 6553
Location: Japanifornia
|
| Posted: Wed Oct 16, 2002 10:32 pm Post subject: |
|
|
| Hephaistos wrote: | | What if I copy a shutdown script an a Floppy and go to an other Computer. Copy it into my home dir as a normal user and start that script. Does the computer go down? |
If you copy it, it will lose the setuid bit, so the resulting shutdown binary will not be suid root and won't work when run by a normal user. However, you could run it off the floppy directly, depending on how the other computer is configured. If normal users can't mount floppies, then you won't be able to mount it. If normal users can mount floppies, but the setuid bits are not honored on them, then that won't work directly. There is one other tactic I know of that will work with older versions of perl and/or older versions of the Linux kernel that don't support fstatvfs, but that's of historical importance only.
However, if you have physical access to the machine, and you want to shut it down, why not just pull the power cord?
_________________
For every higher wall, there is a taller ladder |
|
| Back to top |
|
|
Hephaistos
n00b
Joined: 14 Oct 2002
Posts: 8
|
| Posted: Wed Oct 16, 2002 11:44 pm Post subject: |
|
|
If I dont have physical access? Maybe using ftp and telnet?
What if I set it to the uid of the system on my system? |
|
| Back to top |
|
|
Curious
Bodhisattva
Joined: 13 May 2002
Posts: 395
Location: Sydney, Australia
|
| Posted: Wed Oct 16, 2002 11:57 pm Post subject: |
|
|
| Hephaistos wrote: | | If I dont have physical access? Maybe using ftp and telnet? What if I set it to the uid of the system on my system? |
If you can set the SUID bit over a telnet session, I don't think uploading your own shutdown script is going to be a real priority. If you can set things to be suid root, you are already root, most likely.
If you FTP something across, it's going to be created under your ID. The only place this becomes a problem is when it's on floppies and cdroms ( or other removable storage ) and the careless administrator has forgotten to set the mount option that disables SUID binaries on this filesystem.
How about instead of bothering the forum with these suggestions, you go and try them for yourself first?  Or better yet, go and read up on the Unix security and file permissions model.
-- Curious
_________________
Are you down with the Hawk? |
|
| Back to top |
|
|
rac
Bodhisattva
Joined: 30 May 2002
Posts: 6553
Location: Japanifornia
|
| Posted: Thu Oct 17, 2002 12:00 am Post subject: |
|
|
| Hephaistos wrote: | | If I dont have physical access? Maybe using ftp and telnet? |
Neither of those methods will preserve suid bits.
| Quote: | | What if I set it to the uid of the system on my system? |
What do you mean by "the uid of the system on my system"? root is uid 0 by definition.
What were are discussing here is logically equivalent to an unprivileged user gaining remote root access, because the file in question could just as easily be a suid root shell as a suid root shutdown binary. Therefore, any system that is configured in such a way as to allow this to happen has severely compromised security. If you find a way to do this on a normally configured Gentoo system (or any other mainstream Linux distro), I'm sure there are lots of black hats that would be willing to pay you a lot of money for the technique.
_________________
For every higher wall, there is a taller ladder |
|
| Back to top |
|
|
Curious
Bodhisattva
Joined: 13 May 2002
Posts: 395
Location: Sydney, Australia
|
| Posted: Thu Oct 17, 2002 12:04 am Post subject: |
|
|
P.S., Hephaistos, I am going to be watching you very closely from now on.
-- Curious
_________________
Are you down with the Hawk? |
|
| Back to top |
|
|
|
Networking & Security
