LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   Let users to shutdown via sudoedit ? (https://www.linuxquestions.org/questions/linux-general-1/let-users-to-shutdown-via-sudoedit-527520/)

Xeratul 02-11-2007 06:10 AM
Let users to shutdown via sudoedit ?
 
Let users to shutdown via sudoedit ?

I just would like that users can shutdown the PC.
How to let users have this right ?

Code:
# ls -la /sbin/shutdown
-rwxr-xr-x 1 root root 18152 2006-07-25 19:51 /sbin/shutdown
Quote:
~$ /sbin/shutdown
shutdown: you must be root to do that!
How to play with /etc/sudoers maybe for that ?

b0uncer 02-11-2007 08:27 AM
Maybe create a new group called 'shutdown' or something, add the users you want to be able to shut down to that group, then add this line to /etc/sudoers:
Code:
%shutdown ALL = /sbin/shutdown
Or for specific users (and not group) leave the %-mark off the beginning of the line and instead of group name type user name. It's of course more handy to use a group. You can make this several different ways, though; refer to
Code:
man sudoers
on what you can actually do.

sn68 02-11-2007 08:48 AM
/etc/sudoers can be edited with visudo
After you run visudo you need to press "i" (w/o quotes) to start typing, and hit Esc to exit insert mode. After you've finished your addition, type :wq.

ZZ to close

Xeratul 02-11-2007 10:27 AM
Weird ... not working ... :-(

Code:
# whereis shutdown
shutdown: /sbin/shutdown /usr/share/man/man8/shutdown.8.gz

I followed :
Quote:
adduser shutdwn
blabla ok
Quote:
adduser xeratul shutdwn
blabla ok

then:
visudo

Code:
Defaults        env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL) ALL
%shutdwn  ALL = /sbin/shutdown
then,
I rebooted the box ...

and not possible to shutdown with xeratul account ...
why actually ?

thank you

sn68 02-11-2007 10:49 AM
Change
Code:
%shutdwn  ALL = /sbin/shutdown
to
Code:
shutdwn ALL = (ALL) ALL
This will allow user "shutdwn" root priviledges needed to run shutdown script so
>sudo /sbin/shutdown

else

>su
pwd
>/sbin/shutdown

snowtigger 02-11-2007 10:56 AM
For a start you created a user called shutdwn, you wanted to create a group called shutdwn, and add your user to that group
Also if you did have a user called shutdwn then they would have complete control for your system!

Keep what you did first and when you want to shutdown do (with out qoutes) 'sudo shutdown'

:)

Xeratul 02-11-2007 11:19 AM
Quote:
Originally Posted by snowtigger
For a start you created a user called shutdwn, you wanted to create a group called shutdwn, and add your user to that group
Also if you did have a user called shutdwn then they would have complete control for your system!

Keep what you did first and when you want to shutdown do (with out qoutes) 'sudo shutdown'

:)
pffff :scratch: :scratch:
it's getting more difficult now ..;

soo, how can I make this working for the xeratul user only:
Code:
$ shutdown -r now
(without sudo inbetween addition)

( If I change to ALL ALL , then the user can do all he wants like roots ? :-( )

snowtigger 02-11-2007 11:37 AM
Always use visudo to edit the sudoers file. As when you use this and save the file it will check that you have used the correct syntax.

To set it up for one user without asking for a password, add this to your sudoers. replace USER with your users name.

USER ALL=(ALL) NOPASSWD: /sbin/shutdown

Then to shutdonw type 'sudo shutdown'

If you want to use sudo to do this then you will have to type sudo.

If you want to allow the group users to do this put this in your suduers.

$users ALL=(ALL) NOPASSWD: /sbin/shutdown

If you want to prompt users for there password to shut the system down remove the NOPASSWD.

One thing to point out is thatthe two above examples will let a user shutdown the system from anywhere, ie via ssh, telnet etc. To stop thatyou could use something like,

%users localhost=/sbin/shutdown

This will let everybody in the group users to only shutdown the system from the localhost.

I hope this helps and has not confused things any more for you.

:)

Xeratul 02-11-2007 11:49 AM
Quote:
Originally Posted by snowtigger
Always use visudo to edit the sudoers file. As when you use this and save the file it will check that you have used the correct syntax.

To set it up for one user without asking for a password, add this to your sudoers. replace USER with your users name.

USER ALL=(ALL) NOPASSWD: /sbin/shutdown

Then to shutdonw type 'sudo shutdown'

If you want to use sudo to do this then you will have to type sudo.

If you want to allow the group users to do this put this in your suduers.

$users ALL=(ALL) NOPASSWD: /sbin/shutdown

If you want to prompt users for there password to shut the system down remove the NOPASSWD.

One thing to point out is thatthe two above examples will let a user shutdown the system from anywhere, ie via ssh, telnet etc. To stop thatyou could use something like,

%users localhost=/sbin/shutdown

This will let everybody in the group users to only shutdown the system from the localhost.

I hope this helps and has not confused things any more for you.

:)
You rock !
I work with :
Code:
sudo shutdown -r now
I can create in /usr/bin/myshutdown
containing sudo shutdown -r now

thank you


All times are GMT -5. The time now is 10:09 AM.