Using PAM: Allowing access to 'poweroff' while logged out.
I have discovered that the poweroff command does not run if the user is logged out of the system (and is not root). However, as I use 'screen' to background batch jobs, or the atd daemon, and like to issue a 'poweroff' command at the end to shut down the system, I have a problem.
Because these are running in the background, and I am not logged in on any terminal, authentication fails. The file /etc/pam.d/poweroff is configured by default to check if the user is physically logged in at the terminal.
The user isn't. But I would still like authentication to succeed, that is allow the user (even if just my own account), to poweroff the system while not physically at the console.
This raises another issue, if i allow SSH access, than ANYONE can shutdown my system if I do this.
Is there anyway around this? Can I allow only my own user ID to shutdown the system while not logged in? How do I edit the PAM configuration file to do that? I've searched for ours and found all the documentation on PAM to be brief and incomplete.
My only other option is to put a chmod u+s copy of poweroff in my ~/bin directory and call this directory, but the PAM option is cleaner.