Tweet
Ok, so I'm running debain on my own box, as well as a friend's now. I have one gripe; I'd like to allow the primary user to be able to shutdown without using the root password. Can this be easily done?
-
-
You may only have to change the permissions on /sbin/shutdown, /sbin/halt, and /sbin/reboot.
chgrp users /sbin/shutdown
chmod g+rx /sbin/shutdown
I don't have any machines I would want to reboot right now. So I can't tell you if this works.I should have bought an ATI. -
On my machine (self-built distro), anyone has permission to run shutdown, but it won't work unless you're root. (That's how it installed - it's from sysvinit). I imagine you'll have to make it setuid root to work.
Trouble is, if you do that, anyone who's logged in can shut the machine down, not just the primary user.
Does Debian use PAM? There's a module (I forget its name - pam_console?) which attempts to figure out the "console user" and add them to a special group, so that things like sound and the X server are appropriately but not overly restricted. If Debian uses PAM and that module (I'm sure Red Hat does/did), then you need to find out the name of that group, and do (as root):
chown root.specialgroup /sbin/shutdown
chmod u+s /sbin/shutdown
chmod g+x /sbin/shutdown
chmod o-x /sbin/shutdown
I suggest looking in /etc/pam.d/login for clues as to whether this is applicable and what specialgroup is.
HTHBlah blah blah nick blah blah confusion, blah blah blah blah frog.Comment
-
Originally posted by Ribbit
On my machine (self-built distro), anyone has permission to run shutdown, but it won't work unless you're root. (That's how it installed - it's from sysvinit). I imagine you'll have to make it setuid root to work.
Trouble is, if you do that, anyone who's logged in can shut the machine down, not just the primary user.
That's fine by me.
Ok.Does Debian use PAM? There's a module (I forget its name - pam_console?) which attempts to figure out the "console user" and add them to a special group, so that things like sound and the X server are appropriately but not overly restricted. If Debian uses PAM and that module (I'm sure Red Hat does/did), then you need to find out the name of that group, and do (as root):
chown root.specialgroup /sbin/shutdown
chmod u+s /sbin/shutdown
chmod g+x /sbin/shutdown
chmod o-x /sbin/shutdown
I suggest looking in /etc/pam.d/login for clues as to whether this is applicable and what specialgroup is.
HTHComment
-
So does it work to just make shutdown setuid? I didn't try it.Blah blah blah nick blah blah confusion, blah blah blah blah frog.Comment
-
Well, here's what we have in that file...t looking in /etc/pam.d/login for clues as to whether this is applicable and what specialgroup is. [/B]Comment
-
No dice there. I should also note that my goal is to be able to shutdown from the login screen, where you're not really logged in as anyone after you logout of your KDE session.Originally posted by piaxVirus
You may only have to change the permissions on /sbin/shutdown, /sbin/halt, and /sbin/reboot.
chgrp users /sbin/shutdown
chmod g+rx /sbin/shutdown
I don't have any machines I would want to reboot right now. So I can't tell you if this works.
But, for grins, I tried running shutdown from a shell inside of KDE.
"kooldino@linuxbox:~$ /sbin/shutdown
shutdown: you must be root to do that!"Comment
-
shutdown user
You could create a user called shutdown that would use a shell script that calls the shutdown command. Then you just login as shutdown and it should work. You may have to put the shutdown script into a group that both root and the shutdown user has rights to.
- WxComment
-
Well, I could make their shell "shutdown". But when you're not logged in as anyone (ie, at the login screen), I'd like to be able to shut it down. I can do it in red hat (even though I wish it were impossible on that machine), but I'd like to be able to do it here.Comment
-
I'm not sure if you mean that this doesn't work, or what exactly, but to enable this, go to Control Center -> Login Manager -> Shutdown and enable "Allow Shutdown" for "Everybody". I assume you're still fine with everybody being able to shutdown the computer.Originally posted by Kooldino
No dice there. I should also note that my goal is to be able to shutdown from the login screen, where you're not really logged in as anyone after you logout of your KDE session.Comment
-
Ok, cool, I'll give that a go. Now to start another thread about wanting the complete OPPOSITE on another box.Originally posted by albatorsk
I'm not sure if you mean that this doesn't work, or what exactly, but to enable this, go to Control Center -> Login Manager -> Shutdown and enable "Allow Shutdown" for "Everybody". I assume you're still fine with everybody being able to shutdown the computer.Comment
-
Seems like it was already set like that.Originally posted by albatorsk
I'm not sure if you mean that this doesn't work, or what exactly, but to enable this, go to Control Center -> Login Manager -> Shutdown and enable "Allow Shutdown" for "Everybody". I assume you're still fine with everybody being able to shutdown the computer.
Comment
-
Do you get any kind of error message trying to shut down the computer as an unprivileged user with the login manager?Comment
-
You're using KDM as the login manager? You could just switch to GDM (which by default will let you shut down no problems, though you'd need to enter the root password). I thought KDM was the same way, but it's been a while since I had KDM as my login manager.
LeechWah! Wah!
In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship.Comment
Comment