LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 08-25-2006, 06:21 AM   #1
kniwor
Member
 
Registered: Aug 2005
Distribution: Slackware 12
Posts: 106

Rep: Reputation: 15
reboot/shutdown permissions


ok, i need to know how or where do i see the logs for when was the last time computer was rebooted/shutdown and by what user.

Also i need to change the permissions for reboot shutdown, so that only root can reboot or shutdown the PC, no other user should be able to reboot or shutdown using any command or the shutdown option in gnome menu, one should not even be able to shutdown the computer from the login screen without logging on as root. how do i go about this?
 
Old 08-25-2006, 06:49 AM   #2
odcheck
Member
 
Registered: Aug 2006
Distribution: Fedora, CentOS, RHEL, Debian
Posts: 978

Rep: Reputation: 30
For example, suppose I wanted to add a group of users who are allowed to shut down the machine.
So I first want to add a group called "shutdown" (run these commands while root)

groupadd shutdown

Then I need to edit the /etc/group file to add users to the "shutdown" group.
I just tack the usernames at the end of the shutdown line, separated by commas, e.g.

shutdown:x:407:user1,user2,...

Whatever users I put there will be able to shut down the computer (so choose wisely).
Now I need to configure sudo to allow members of the "shutdown" group to actually
invoke the assorted shutdown commands provided in linux. Run visudo and add
the following lines

%shutdown ALL=(root) NOPASSWD: /sbin/reboot
%shutdown ALL=(root) NOPASSWD: /sbin/halt
%shutdown ALL=(root) NOPASSWD: /sbin/shutdown

This allows the "shutdown" group to run /sbin/reboot, /sbin/halt, and /sbin/shutdown
AS IF THEY WERE ROOT. The only caveat is that the users must run the commands
with the command sudo in front, e.g.

sudo /sbin/halt

This is always a bit of a pain (and users never remember), so I can create the
following script called "/usr/bin/reboot" (and similar scripts for halt and shutdown)

#! /bin/sh
sudo /sbin/reboot $*

Remember to make these scripts executable! To make this slightly more secure,
I might want to change the ownership of these scripts to the "shutdown" group

chgrp shutdown /usr/bin/reboot /usr/bin/halt /usr/bin/shutdown

and then make them executable only for the group "shutdown"

chmod g+x /usr/bin/reboot /usr/bin/halt /usr/bin/shutdown

And there is also a option of using /etc/shutdown.allow but not very useful.
So within Gnome there should be a config in the home dirs
like ~/.config/menu.xml this file can be edited for the allow or not allow.
 
Old 08-25-2006, 08:42 AM   #3
simcox1
Member
 
Registered: Mar 2005
Location: UK
Distribution: Slackware
Posts: 794
Blog Entries: 2

Rep: Reputation: 30
System logs are in /var/log.
 
Old 08-25-2006, 08:49 AM   #4
simcox1
Member
 
Registered: Mar 2005
Location: UK
Distribution: Slackware
Posts: 794
Blog Entries: 2

Rep: Reputation: 30
Also, typing last in a console might give you some useful info.
 
Old 08-25-2006, 09:07 AM   #5
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,960

Rep: Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341
Code:
last reboot
last -x|grep shutdown
will tell you when a reboot/shudown happened, but not the user.
If you want to allow only root to reboot/shutdown the box then remove the suid bit of /sbin/halt
Code:
chmod -s /sbin/halt
and disable Ctrl-Alt-Del (edit /etc/inittab and comment out the line: ca::ctrlaltdel:/sbin/shutdown -t5 -r now)
 
Old 08-25-2006, 03:26 PM   #6
kniwor
Member
 
Registered: Aug 2005
Distribution: Slackware 12
Posts: 106

Original Poster
Rep: Reputation: 15
thanks a lot, that is more info than i wanted, everyday i am begining to appreciate this place more n more....
 
Old 08-25-2006, 04:13 PM   #7
kniwor
Member
 
Registered: Aug 2005
Distribution: Slackware 12
Posts: 106

Original Poster
Rep: Reputation: 15
ok, i made the files /etc/halt /etc/reboot and /etc/shutdown chmod 700, so after this only root can use these commands, furthermore i did comment out
"ca::ctrlaltdel:/sbin/shutdown -t5 -r now"
in inittab
but users were still able to reboot from the menu, although they cannot issue the reboot/halt command, so finally i made the permissions of rc.6,rc.0 as 700, but no help. i think i need more help.

Last edited by kniwor; 08-25-2006 at 04:40 PM.
 
Old 08-26-2006, 11:06 AM   #8
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,960

Rep: Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341
It should work for any distro, but perhaps Slack is a bit different. At any case see this to see about the usage of -a option.

Regards
 
Old 08-26-2006, 11:58 AM   #9
simcox1
Member
 
Registered: Mar 2005
Location: UK
Distribution: Slackware
Posts: 794
Blog Entries: 2

Rep: Reputation: 30
Your using Gnome right? So the login manager is gdm? If you look around your system there should be a configuration file for it. I've got kde installed and there is a file called kdmrc in /opt/kde/share/config/kdm which is the configuration file for kdm. The default is for ALL users to be able to shut the system down, which you can change to root. So there should be a similar file for configuring gdm. Try man gdm.
 
Old 08-27-2006, 07:00 PM   #10
kniwor
Member
 
Registered: Aug 2005
Distribution: Slackware 12
Posts: 106

Original Poster
Rep: Reputation: 15
k, i cant find anything, actually i have no idea where to look for, any more help here.
 
Old 08-28-2006, 02:12 AM   #11
odcheck
Member
 
Registered: Aug 2006
Distribution: Fedora, CentOS, RHEL, Debian
Posts: 978

Rep: Reputation: 30
Okay about gnome so I have found something for you.
http://www.cyberciti.biz/nixcraft/vi...n-restart.html

I seams that this will help you :-)
 
Old 06-06-2007, 02:37 PM   #12
mobilemonkey
Member
 
Registered: May 2007
Distribution: slackware 11
Posts: 81

Rep: Reputation: 15
hi, i have done everything member odcheck suggested, to create a new group called 'shutdown', and add my user to it via the /etc/group file, i then added the exact same 3 lines as stated by odcheck to the sudoers file, but i cant issue 'sudo /sbin/shutdown', (even though i can issue 'sudo /sbin/reboot' and 'sudo /sbin/halt'), i get this error message 'sorry, user is not allowed to execute '/sbin/shutdown' as root on darkstar' , can anyone advise?

Last edited by mobilemonkey; 06-06-2007 at 02:39 PM.
 
Old 06-06-2007, 02:56 PM   #13
simcox1
Member
 
Registered: Mar 2005
Location: UK
Distribution: Slackware
Posts: 794
Blog Entries: 2

Rep: Reputation: 30
Try changing the shutdown command in /etc/sudoers to

%shutdown ALL=(root) NOPASSWD: /sbin/shutdown -h now

You will have to type that exact command for it to work, unless you create an alias for it.
 
Old 06-06-2007, 04:28 PM   #14
mobilemonkey
Member
 
Registered: May 2007
Distribution: slackware 11
Posts: 81

Rep: Reputation: 15
thanks simcox1 it was the /usr/bin/shutdown script that needed the '-h now' option & argument (it now reads 'sudo /sbin/shutdown -h now'),it seems the sudoers file can just use '/sbin/shutdown'. thanks to odcheck aswell for helping with the original post. now i can shutdown as a normal user

just while i remember, is there a way to turn off the annoying beep i get when i execute the scripts?

Last edited by mobilemonkey; 06-06-2007 at 04:30 PM.
 
Old 06-07-2007, 04:39 AM   #15
simcox1
Member
 
Registered: Mar 2005
Location: UK
Distribution: Slackware
Posts: 794
Blog Entries: 2

Rep: Reputation: 30
In the file /etc/inputrc, the line near the top allows you to set the system bell to none, audible or visible.
 
  


Reply

Tags
reboot


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Shutdown yes, reboot no vitorg Slackware 17 02-18-2006 04:18 AM
shutdown -h causes reboot obrienj Red Hat 1 09-11-2005 10:52 PM
help with shutdown and reboot Paxmaster Fedora 2 09-26-2004 05:01 PM
Reboot Shutdown netlink Mandriva 2 06-13-2004 01:13 AM
reboot + shutdown :( zulik Slackware 12 05-31-2004 02:36 AM


All times are GMT -5. The time now is 08:18 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration