[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: בעניין: p.s. (was: Re: Shutdown by a user)



Quoth guy keren on Sat, Jul 22, 2000:
> On Sat, 22 Jul 2000, Vadim Vygonets wrote:
> 
> > Or you can take the BSD approach:
> > 
> > 1. Add users allowed to shutdown to some group (call it
> >  "operator").
> > 2. Make shutdown owned by user root, group operator:
> > 	# chown root.operator /sbin/shutdown
> > 3. Make shutdown runnable only by operator, setuid root:
> > 	# chmod 4550 /sbin/shutdown
> 
> and then again let the user use 'showdown now' in order to get into
> single-user mode with an active root shell?

Yes.  If the user shuts down the machine and has access to the
console, he might as well reboot it to single-user mode -- what's
the difference?

> are you sure that this is the BSD approach?

Yes.  In BSD (as well as in Linux, I believe) you can make the OS
ask for root's password before running the shell in single-user
mode (in BSD, this is done by putting "insecure" in /etc/ttys on
the line describing the console; I'm not sure how it's done in
Linux, and if I'm not mistaken, most modern Linux distros do it
by default).

Vadik.

-- 
Do not meddle in the affairs of sysadmins, they are quick to
anger and have no need for subtlety.

=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il