[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: בעניין: p.s. (was: Re: Shutdown by a us er)



Vadim Vygonets wrote:
> 
> Quoth guy keren on Sat, Jul 22, 2000:
> > On Sat, 22 Jul 2000, Vadim Vygonets wrote:
> > 
> > > Or you can take the BSD approach:
> > > 
> > > 1. Add users allowed to shutdown to some group (call it
> > >  "operator").
> > > 2. Make shutdown owned by user root, group operator:
> > > 	# chown root.operator /sbin/shutdown
> > > 3. Make shutdown runnable only by operator, setuid root:
> > > 	# chmod 4550 /sbin/shutdown
> > 
> > and then again let the user use 'showdown now' in order to get into
> > single-user mode with an active root shell?
> 
> Yes.  If the user shuts down the machine and has access to the
> console, he might as well reboot it to single-user mode -- what's
> the difference?
> 
> > are you sure that this is the BSD approach?
> 
> Yes.  In BSD (as well as in Linux, I believe) you can make the OS
> ask for root's password before running the shell in single-user
> mode (in BSD, this is done by putting "insecure" in /etc/ttys on
> the line describing the console; I'm not sure how it's done in
> Linux, and if I'm not mistaken, most modern Linux distros do it
> by default).
> 
this is done in Linux by specifying

su:1:wait:/sbin/sulogin

in /etc/inittab

and you are mistaken: nor RH neither Mandrake do it.
debian does it, and I am not sure about other distros.

> 
> Vadik.
> 
> 


-- 
--   
Omer Mussaev    051-308-214   mailto:omerm@mercury.co.il
systems programmer, Mercury Interactive/RND/Conduct/core


=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il