LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Giving Specific users access to the reboot command (http://www.linuxquestions.org/questions/linux-security-4/giving-specific-users-access-to-the-reboot-command-28857/)

shassouneh 08-27-2002 12:47 AM

Giving Specific users access to the reboot command
 
Dear All,
Sorry if this is in the wrong forum, it just seems like the most suitable place to ask this.

I am a single user of my own machine, and I would like to give myself access to the reboot command, tather than su ing then doing it ot just doing ctrl-alt-del. This is a learning experience and I would like the satisfaction of knowing how to do it.

I have already tries chown <username> /sbin/.reboot and chmod 777 /sbin/reboot to no avail. Can anyone please help?

Thanx beforehand

neo77777 08-27-2002 01:10 AM

You need to change permissions on /sbin/halt because /sbin/reboot is a symlink to halt
chmod 755 /sbin/halt should suffice

shassouneh 08-27-2002 01:36 AM

tried but no
 
Nope. I did as u advised. First i exited the X server, and logged out completely. Logged in as root, and did a c

cd /sbin
chmod 755 halt
exit

then logged in as the regular user and typed in
reboot

and it said

must be superuser


Any ideas?

unSpawn 08-27-2002 03:55 AM

It's either installing sudo, use PAM or try this:
open up /etc/inittab and look for the line where you CTRL+ALT+DEL, and add "-a" to shutdown args.
echo $LOGNAME >> /etc/shutdown.allow
now you're allowed to shutdown using the 3 finger salute.
If you're using PAM you can change the /etc/pam.d config for the shutdown service using allow lists. Add an "auth" line under the last auth statement w/o quotes: "auth required /lib/security/pam_listfile.so item=user sense=allow file=/etc/pam.d/shutdown.allow onerr=fail"
echo $LOGNAME >> /etc/pam.d/shutdown.allow.
Haven't tested the PAM solution for shutdown, but this works on other services so it should work with shutdown as well.

shassouneh 08-27-2002 08:45 PM

unSpawn you kinda lost me. I do not with to shut down using ctr-alt-del. What I wish to do is simply allow a normal user, to use the reboot command without having to be root (superuser).

unSpawn 08-27-2002 10:11 PM

Shutdown does what you ask it to do depending on the flag, "-h" for halt and "-r" for reboot, so...

shassouneh 08-27-2002 10:29 PM

hmmm but how do i make a REGULAR user access the shutdown or even reboot commands?

neo77777 08-27-2002 11:17 PM

did you ignore /sbin/halt hint, or SuSE has different setup?
Also look at sudo

neo77777 08-27-2002 11:20 PM

Also what /etc/pam.d/halt looks like ?

shassouneh 08-28-2002 12:18 AM

I quote myself
Quote:

Nope. I did as u advised. First i exited the X server, and logged out completely. Logged in as root, and did a c

cd /sbin
chmod 755 halt
exit

then logged in as the regular user and typed in
reboot

and it said

must be superuser
As for /etc/pam.d/halt, I will let you know as soon as I reboot to Linux. I'm running Winblows at the moment

MartBrooks 08-28-2002 08:15 AM

man sudo

Regards

Sixpax 08-28-2002 01:30 PM

Check the man page on "shutdown" for /etc/shutdown.allow.

landoB 03-23-2004 08:27 PM

THE answer!!!
 
Hey, stop confusing this guy with the wrong answers!! i saw this post yesterday cuz I had the same issue and I found the solution!!

man sudoers

actually just go to /etc and edit sudoers. at the end of the file there should be 3 commented out lines to the tune of 'examples' and two examples beneath. change one to say (don't quote me on the syntax)

$:users allow:/sbin/shutdown -h now NOPASSWD:ALL

like i said look up 'man sudoers' to get the syntax right if my memory is wrong:study: also to reboot just duplicate the line and replace '-h' with '-r'

you shouldn't have to even check the man pages if you're astute enough!!

BTW halt and reboot can only be run in runlevel 1 and 6, if they are called in ANY other runlevel it tels the system ./sbin/shutdown -h now

freakin lamerz

Hangdog42 03-23-2004 09:27 PM

Quote:

freakin lamerz

Um, you answered a thread that is a year and a half old. I think they moved on.

landoB 03-24-2004 05:11 PM

whateva
 
it's my hot body, i'll do what i want

um.. for the benefit of others.:tisk:
i'm sick of round about answers on web forms. so i took matters into my own hands. besides, if it's so damn old... WTF!! why are you replying to me?


All times are GMT -5. The time now is 12:35 PM.