[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: p.s. (was: Re: Shutdown by a user)




On Fri, 21 Jul 2000, N Sakthivel wrote:

> 1. I have a linux cluster without keyboard and Mouse. So, 
> the need arises to use to 'shutdown' command from a node
> in the network.

ok. no ctrl+alt+del.

> 2. RedHat 6.2 has /etc/pam.d/shutdown,which allows the user to
> shutdown the machine after getting the passwd.
> 
> 3. But I want in RH. 5.2, in which I don't have the file
> in /etc/pam.d/shutdown. 
> 
> Q!! My Question is: If I copy the /etc/pam.d/shutdown from RH6.2, whether
> it will work.

no, since the shutdown binary must be compiled with support for PAM - and
it probably wasn't. it might be that replacing the shutdown binary would
work, but you should be carefull with such replacements (plus, very likely
that shutdown uses other commands on the way, which might be incompatible
between rh 5.2 and rh 6.2.

> > an important note - if you let your user run the 'shutdown' command, they
> > will be able to bring the system into single user mode and immediatly have
> > a root shell. this is not a good idea. and this is the default setting on
> > redhat 6.0... is it the same on redhat 6.2?
> 
> Question: Do you say the option of using 'linux single' from LILO prompt.

no. i refered to running 'shutdown now'. at least on my redhat 6.0 system,
it brings you down into single user mode, no password checking, and no
rebooting done along the way.

so, i think the right solution is what shaul karl mentioned - use 'sudo'
to allow users to run only the exact command that will actually reboot the
system (such as 'shutdown -r', as shaul wrote in his email).

guy

"For world domination - press 1,
 or dial 0, and please hold, for the creator." -- nob o. dy


=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il