Running a command on login.

thekillerbean · 07-01-2005, 11:08 PM

I once used a Solaris machine that had a special user. The account username was 'shutdown' and the password was 'system.' If you guessed that this user was solely created as a means to allow quick system shutdown by those privy to this info, then you are absolutely correct.

I'm sure that Linux (Red Hat Enterprise Linux 3.0) can do this as well but I have no idea on how to go about it - anyone willing to lend a hand?

Thanks.

bigrigdriver · 07-01-2005, 11:44 PM

This might give you some hints .

carlosruiz · 07-02-2005, 12:25 AM

A possible approach (not tested):

1. create the user shutdown

useradd shutdown

2. allow user to run init

sudo -u shutdown init

3. create script /home/shutdown/shutdown.sh

#!/bin/sh

# prevent cancellation of execution.
trap "" 1 2 3 6;
# shutdown init 6 for reboot;
init 0;

5. change permission for script.
chmod 700 /home/shutdown/shutdown.sh

4. change the user "shutdown" line in /etc/passwd
from:
shutdown:x:501:501:shutdown_user:/home/shutdown:/bin/bash
to:
shutdown:x:501:501:shutdown_user:/home/shutdown:/home/shutdown/shutdown.sh

login as user shutdown and it must shutdown the PC.

Hope this help, I didn't test it so beware it might not work exactly as it is, but I think it is a good start.

Regards

J.W. · 07-02-2005, 01:41 AM

If you need to rapidly shutdown your system, why not just

Code:

su
<password>
halt

As a side note, and although it's a bit OT, I think it's worth pointing out that that using the word "system" as the password for an account that has the power to bring down the entire system is a decision that should be reconsidered. It's just too easy to guess, and thus is a security weakness. -- J.W.

stefan_nicolau · 07-03-2005, 07:57 AM

Why not just grant normal users the right to shut down the computer by using sudo?
You could create a shutdown group, and any user in the group could shut down the system with:

Code:

sudo /sbin/shutdown -h now

trickykid · 07-03-2005, 09:18 AM

Why not use or create the shutdown.allow file?

From the man page of shutdown:

Code:

ACCESS CONTROL
       shutdown can be called from init(8) when the  magic  keys  CTRL-ALT-DEL
       are  pressed,  by  creating  an appropriate entry in /etc/inittab. This
       means that everyone who has physical access to the console keyboard can
       shut  the system down. To prevent this, shutdown can check to see if an
       authorized user is logged in on one of the virtual consoles.  If  shut-
       down  is  called  with  the  -a argument (add this to the invocation of
       shutdown in /etc/inittab), it checks to  see  if  the  file  /etc/shut-
       down.allow  is  present.  It then compares the login names in that file
       with the list of people that are logged in on a virtual  console  (from
       /var/run/utmp). Only if one of those authorized users or root is logged
       in, it will proceed. Otherwise it will write the message

       shutdown: no authorized users logged in

       to the (physical) system console. The format of /etc/shutdown.allow  is
       one user name per line. Empty lines and comment lines (prefixed by a #)
       are allowed. Currently there is a limit of 32 users in this file.

       Note that if /etc/shutdown.allow is not present,  the  -a  argument  is
       ignored.

thekillerbean · 07-04-2005, 05:07 AM

Thanks y'all. Carlosruiz has what I was looking for. Haven't tried it yet, but should it need any tweaking, I should be able to make it work.

Thanks again for all suggestions. I like the sudo ... solution as well so should tweaking carlosruiz's suggestion not work right, I'll try the sudo thing.