How to allow non-root user to shutdown
Can anyone tell me how I can allow a non-root user to use the shutdown command in CentOS 7?
I am currently shutting down the machine remotely which is working fine as 'root' but I would prefer to create a new user say 'remoteshutdown' to use for this instead of root. Problem is I cannot seem to find out how to allow a non root user permission to shutdown. Thanks, |
run visudo as root.
|
Quote:
|
Code:
[schneidz@mom ~]$ sudo visudo |
that should already be the default setup
to allow users to run Code:
shutdown -h THAT SHOULD be only root |
Just a clarification
Quote:
Quote:
|
Quote:
Code:
Could not chdir to home directory wheel: No such file or directory |
what have you tried? It has no meaning just drop an error message:
/sbin/shutdown -h now is configured in that configfile, that should be entered/executed. shutdown normally not found, because it is in /sbin and /sbin is not in PATH (for general users). |
copy-pasta the output of:
Code:
[schneidz@mom ~]$ sudo cat /etc/sudoers |
visudo:
Code:
... Running "shutdown -h now" remotely returns error: Code:
Could not chdir to home directory wheel: No such file or directory Code:
Could not chdir to home directory wheel: No such file or directory |
just for shiggles can you try running it like:
Code:
sudo /sbin/shutdown -h now Code:
cat /etc/passwd | grep remoteshutdown |
Quote:
Code:
Could not chdir to home directory wheel: No such file or directory Quote:
Code:
remoteshutdown:x:1002:1003::wheel:/bin/bash |
the users home-directory looks weird (wheel) ?
|
Quote:
cat /etc/passwd | grep remoteshutdown returns Code:
remoteshutdown:x:1002:1005::/home/remoteshutdown:/bin/bash |
i think you are good to retry... its probably gonnna' ask for a passwd. i think you need to put that NOPASSWD directive somewhere on that line in visudo... i am not a visudo expert so you will need to experiment a little.
also i think there is a way to disable the need of a tty for using sudo with ssh but makes things a little less secure. |
Running "shutdown -h now" remotely returns error.
Quote:
Code:
sudo: sorry, you must have a tty to run sudo Code:
Failed to issue method call: Access denied |
i'm curious:
Code:
sudo /sbin/shutdown -h now also, what happens when you log in via ssh then run the commands using sudo (also try with specifying the path). |
Quote:
Code:
Authentication is required for powering off the system. Have now found a way to make 'remoteshutdown' an Administrator which it was not before. This has changed things slightly, running from SSH /usr/sbin/shutdown -h now Code:
Authentication is required for powering off the system. |
Does your distribution use ConsoleKit or logind for session management?
|
Quote:
|
Quote:
Code:
ssh remoteshutdown@host |
Quote:
Code:
The authenticity of host 'n.n.n.n' can't be established. ECDSA key fingerprint is ...... Are you sure you want to continue connecting (yes/no)? Answer 'yes' sudo /usr/sbin/shutdown -h now Shuts-down server ok Run batch file plink.exe -ssh -pw <password> remoteshutdown@n.n.n.n "/sbin/shutdown -h now" Error: Code:
Failed to issue method call: Access denied |
Quote:
so now are you trying to make it so that remoteshutdown can shutdown the server via something like: Code:
ssh remoteshutdown@n.n.n.n sudo /usr/sbin/shutdown -h now |
Quote:
|
that mite work. what does
Code:
which shutdown |
Quote:
Code:
/usr/sbin/shutdown Code:
lrwxrwxrwx. 1 root root 16 Sep 25 16:11 /sbin/shutdown -> ../bin/systemctl |
i would be concerned with changing permissions on the systemctl program becuz then remoteshutdown would be allowed to do other things like restart sshd, httpd, mysqld, ...
|
this mite help:
http://maymay.net/blog/2010/03/17/ho...cing-security/ |
Code:
chmod +s /sbin/shutdown Code:
plink.exe -ssh -pw <password> remoteshutdown@n.n.n.n "/sbin/shutdown -h now" Thanks for all your help with this |
thanks for sharing your solution. my suggestion would be to use keys instead of writing down the passwd.
if it is solved please select resolved under thread tools. |
All times are GMT -5. The time now is 07:06 PM. |