[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: בעניין: p.s. (was: Re: Shutdown by a user)
Quoth guy keren on Sat, Jul 22, 2000:
> On Sat, 22 Jul 2000, Vadim Vygonets wrote:
>
> > Or you can take the BSD approach:
> >
> > 1. Add users allowed to shutdown to some group (call it
> > "operator").
> > 2. Make shutdown owned by user root, group operator:
> > # chown root.operator /sbin/shutdown
> > 3. Make shutdown runnable only by operator, setuid root:
> > # chmod 4550 /sbin/shutdown
>
> and then again let the user use 'showdown now' in order to get into
> single-user mode with an active root shell?
Yes. If the user shuts down the machine and has access to the
console, he might as well reboot it to single-user mode -- what's
the difference?
> are you sure that this is the BSD approach?
Yes. In BSD (as well as in Linux, I believe) you can make the OS
ask for root's password before running the shell in single-user
mode (in BSD, this is done by putting "insecure" in /etc/ttys on
the line describing the console; I'm not sure how it's done in
Linux, and if I'm not mistaken, most modern Linux distros do it
by default).
Vadik.
--
Do not meddle in the affairs of sysadmins, they are quick to
anger and have no need for subtlety.
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il