[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: בעניין: p.s. (was: Re: Shutdown by a us er)
Vadim Vygonets wrote:
>
> Quoth guy keren on Sat, Jul 22, 2000:
> > On Sat, 22 Jul 2000, Vadim Vygonets wrote:
> >
> > > Or you can take the BSD approach:
> > >
> > > 1. Add users allowed to shutdown to some group (call it
> > > "operator").
> > > 2. Make shutdown owned by user root, group operator:
> > > # chown root.operator /sbin/shutdown
> > > 3. Make shutdown runnable only by operator, setuid root:
> > > # chmod 4550 /sbin/shutdown
> >
> > and then again let the user use 'showdown now' in order to get into
> > single-user mode with an active root shell?
>
> Yes. If the user shuts down the machine and has access to the
> console, he might as well reboot it to single-user mode -- what's
> the difference?
>
> > are you sure that this is the BSD approach?
>
> Yes. In BSD (as well as in Linux, I believe) you can make the OS
> ask for root's password before running the shell in single-user
> mode (in BSD, this is done by putting "insecure" in /etc/ttys on
> the line describing the console; I'm not sure how it's done in
> Linux, and if I'm not mistaken, most modern Linux distros do it
> by default).
>
this is done in Linux by specifying
su:1:wait:/sbin/sulogin
in /etc/inittab
and you are mistaken: nor RH neither Mandrake do it.
debian does it, and I am not sure about other distros.
>
> Vadik.
>
>
--
--
Omer Mussaev 051-308-214 mailto:omerm@mercury.co.il
systems programmer, Mercury Interactive/RND/Conduct/core
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il