Date: Wed, 26 Jul 2000 23:43:39 -0700 (PDT) From: "Jason C. Wells" <jcwells@nwlink.com> To: Chris Moline <chris@theboss.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: How come halt has to be suid to work? Message-ID: <Pine.SOL.3.96.1000726233311.7653C-100000@utah> In-Reply-To: <3.0.3.32.20000726233343.0068b930@theboss.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 26 Jul 2000, Chris Moline wrote: > Usually when I finish up on my system I am working as root and so I never > noticed this before. The permissions were 555 but every time I used halt as > an ordinary user I got operation not permitted. I fixed this problem by > changing the permissions to 4550. Why does it have to be like this?(I > really don't like suid-I had to reinstall several times because of > malicious scripts. It is not so bad now that I know to watch out for them.) My guess is this. It is just a guess, but I think it is a pretty good one. If you want a more rigorous answer you'll have to have me mail my books to you. :) You may give permission to execute halt to any group or user (which you tried). Halt may (will!) have to shutdown processes (init), or write files (/var/log/messages) that are not owned by that user. Even though the user is allowed to run halt, halt is not allowed to take action on items not owned by the user running halt. Therefore halt must be run by root, or SUID. If you don't want halt as SUID, then change it and use 'su root -c halt' or 'sudo' instead. Thank you, Jason C. Wells To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SOL.3.96.1000726233311.7653C-100000>