LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   How to allow non-root user to shutdown (https://www.linuxquestions.org/questions/linux-general-1/how-to-allow-non-root-user-to-shutdown-4175521889/)

Nick_C 10-12-2014 04:56 PM

How to allow non-root user to shutdown
 
Can anyone tell me how I can allow a non-root user to use the shutdown command in CentOS 7?

I am currently shutting down the machine remotely which is working fine as 'root' but I would prefer to create a new user say 'remoteshutdown' to use for this instead of root.

Problem is I cannot seem to find out how to allow a non root user permission to shutdown.

Thanks,

schneidz 10-12-2014 05:03 PM

run visudo as root.

Nick_C 10-13-2014 08:32 AM

Quote:

Originally Posted by schneidz (Post 5252840)
run visudo as root.

Yep, looked at that but I understood that only affects commands run through sudo. I want to shutdown machine remotely and do not want to have to include root password in batch/script file.

schneidz 10-13-2014 08:44 AM

Code:

[schneidz@mom ~]$ sudo visudo
...
## Allows people in group wheel to run all commands
#%wheel ALL=(ALL)      ALL

## Same thing without a password
 %wheel ALL=(ALL)      NOPASSWD: ALL

## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now
...


John VV 10-13-2014 04:54 PM

that should already be the default setup
to allow users to run
Code:

shutdown -h
now for a remote ( ssh /vpn ) power off or reboot
THAT SHOULD be only root

timl 10-13-2014 05:34 PM

Just a clarification

Quote:

I want to shutdown machine remotely and do not want to have to include root password in batch/script file.
Once a user has sudo rights that user can achieve root privileges by issuing the sudo command. When that user issues the sudo command they type in their password and not the root password. So, after typing:

Quote:

sudo cat /var/log/yum.log
that user will be asked for their password not the root password

Nick_C 10-14-2014 07:56 AM

Quote:

Originally Posted by schneidz (Post 5253104)
Code:

[schneidz@mom ~]$ sudo visudo
...
## Allows people in group wheel to run all commands
#%wheel ALL=(ALL)      ALL

## Same thing without a password
 %wheel ALL=(ALL)      NOPASSWD: ALL

## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now
...


Tried that but now get error:
Code:

Could not chdir to home directory wheel: No such file or directory
bash: shutdown: command not found


pan64 10-14-2014 08:03 AM

what have you tried? It has no meaning just drop an error message:
/sbin/shutdown -h now is configured in that configfile, that should be entered/executed.
shutdown normally not found, because it is in /sbin and /sbin is not in PATH (for general users).

schneidz 10-14-2014 08:39 AM

copy-pasta the output of:
Code:

[schneidz@mom ~]$ sudo cat /etc/sudoers
so someone has a starting point to debug. also what is the exact command that resulted in the above error message ?

Nick_C 10-14-2014 08:44 AM

visudo:
Code:

...
## Allows people in group wheel to run all commands
#%wheel ALL=(ALL)      ALL

## Same thing without a password
%wheel ALL=(ALL)      NOPASSWD: ALL

## Allows members of the users group to shutdown this system
%users  localhost=/sbin/shutdown -h now
%wheel  localhost=/sbin/shutdown -h now
...

User remoteshutdown added to both users & wheel groups.

Running "shutdown -h now" remotely returns error:
Code:

Could not chdir to home directory wheel: No such file or directory
bash: shutdown: command not found

Running "sudo shutdown -h now" remotely returns error:
Code:

Could not chdir to home directory wheel: No such file or directory
sudo: sorry, you must have a tty to run sudo


schneidz 10-14-2014 08:57 AM

just for shiggles can you try running it like:
Code:

sudo /sbin/shutdown -h now
# and
sudo /usr/sbin/shutdown -h now

also, maybe there isnt a a homedir for that user. does
Code:

cat /etc/passwd | grep remoteshutdown
provide anything useful ?

Nick_C 10-14-2014 09:47 AM

Quote:

Originally Posted by schneidz (Post 5253619)
Code:

sudo /sbin/shutdown -h now
# and
sudo /usr/sbin/shutdown -h now


both fail with:
Code:

Could not chdir to home directory wheel: No such file or directory
sudo: sorry, you must have a tty to run sudo

Quote:

Originally Posted by schneidz (Post 5253619)
Code:

cat /etc/passwd | grep remoteshutdown

returns:
Code:

remoteshutdown:x:1002:1003::wheel:/bin/bash

schneidz 10-14-2014 10:01 AM

the users home-directory looks weird (wheel) ?

Nick_C 10-14-2014 10:21 AM

Quote:

Originally Posted by schneidz (Post 5253653)
the users home-directory looks weird (wheel) ?

Don't know what went wrong there, user now deleted and recreated.
cat /etc/passwd | grep remoteshutdown returns
Code:

remoteshutdown:x:1002:1005::/home/remoteshutdown:/bin/bash

schneidz 10-14-2014 10:27 AM

i think you are good to retry... its probably gonnna' ask for a passwd. i think you need to put that NOPASSWD directive somewhere on that line in visudo... i am not a visudo expert so you will need to experiment a little.

also i think there is a way to disable the need of a tty for using sudo with ssh but makes things a little less secure.


All times are GMT -5. The time now is 08:10 AM.