LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 12-19-2006, 04:08 AM   #1
koenvi
LQ Newbie
 
Registered: Dec 2006
Location: Belgium
Distribution: Fedora
Posts: 1

Rep: Reputation: 0
Add a "reboot only" user


I just installed a Fedora Core 6 Linux.
For security reasons, I don't want to share my root password with too many people. I was thinking of creating a user/login, which will trigger a reboot once it is used.

Do you gurus out there think this is a good idea?
And how would I go about to make this work? How would the login of a user called 'reboot' make the box actually reboot?

Thanks in advance,

Koen
 
Old 12-19-2006, 05:09 AM   #2
Dave Lerner
Member
 
Registered: May 2005
Location: Virginia, USA
Distribution: MEPIS, Ubuntu
Posts: 39

Rep: Reputation: 16
Just taking a stab at this ...

What I would try is to create a one-line script containing the reboot command. Make root the owner of the file, set the file permissions so that anyone can execute the file, and set the SUID bit so that the script runs as root.

Something like this:

Contents of /opt/public_reboot:

Code:
!#/bin/sh
/sbin/shutdown -r +1
# chown root:root /opt/public_reboot (redundant if file is created by root)
# chmod 4755 /opt/public_reboot

If you want to restrict use of the script, you could add a new user group, e.g. "reboot", add the desired users to that group, and set the permissions of the script so that only users in that group can execute the file:

# chown root:reboot /opt/public_reboot
# chmod 4750 /opt/public_reboot

As for whether it's a good idea, I'm not sure. What if you're in the middle of doing some critical maintenance, and someone decides to reboot?

----
Edit

I just remembered that SUID doesn't work on shell scripts, for security reasons. The above approach should still usable if the script is changed to Perl. Or maybe sudo would be a better approach.

Last edited by Dave Lerner; 12-19-2006 at 05:16 AM.
 
Old 12-19-2006, 09:21 AM   #3
ygloo
Member
 
Registered: Aug 2006
Distribution: slack
Posts: 323

Rep: Reputation: 30
look at
/etc/sudoers

Last edited by ygloo; 12-19-2006 at 09:23 AM.
 
Old 12-19-2006, 10:16 AM   #4
introuble
Member
 
Registered: Apr 2004
Distribution: Debian -unstable
Posts: 700

Rep: Reputation: 31
The kernel does not honour SUID scripts.

--

Quote:
For security reasons, I don't want to share my root password with too many people.
Heh.. sounds like a good security policy to me. A better solution would be to not give the root password to anyone else.

As for a solution to your problem.. don't you have CTRL+ALT+DEL ?

----
Edit

I've just seen Dave Lerner's edit

Last edited by introuble; 12-19-2006 at 10:22 AM.
 
Old 12-19-2006, 11:53 AM   #5
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Rep: Reputation: 45
Quote:
Originally Posted by ygloo
look at
/etc/sudoers
I agree. Look at the sudoers list and add users you want. This way, they can have certain access and privileges that you can define without having to give out your root password. They can use their own user password.
 
  


Reply

Tags
administration, reboot, user


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Samba --> nobody run "add user script = /usr/sbin/useradd ....." ??!! Unconfigured Fedora 1 02-23-2006 04:54 AM
Samba --> nobody run "add user script = /usr/sbin/useradd %u ....." ???? Unconfigured Linux - Software 1 02-21-2006 09:01 AM
Can't run "halt" or "reboot" as user, can somebody help? ro_nicu Slackware 4 11-01-2004 07:57 AM
"route add" gets reset at reboot trees Linux - Networking 5 01-21-2004 04:18 PM


All times are GMT -5. The time now is 02:58 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration