From owner-freebsd-questions  Sat Jan 26 17:50:42 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from topaz.mdcc.cx (topaz.mdcc.cx [212.204.230.141])
	by hub.freebsd.org (Postfix) with ESMTP id C3C9737B400
	for <questions@freebsd.org>; Sat, 26 Jan 2002 17:50:38 -0800 (PST)
Received: from k7.mavetju.org (topaz.mdcc.cx [212.204.230.141])
	by topaz.mdcc.cx (Postfix) with ESMTP
	id 910DB2B82D; Sun, 27 Jan 2002 02:50:34 +0100 (CET)
Received: by k7.mavetju.org (Postfix, from userid 1001)
	id 1EC8A5B0; Sun, 27 Jan 2002 12:50:30 +1100 (EST)
Date: Sun, 27 Jan 2002 12:50:30 +1100
From: Edwin Groothuis <edwin@mavetju.org>
To: Bernie <Bernie_X@myrealbox.com>
Cc: questions@freebsd.org
Subject: Re: shutdown
Message-ID: <20020127125030.S823@k7.mavetju.org>
References: <20020127122850.R823@k7.mavetju.org> <20020127012015.X4706-100000@BLAST>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020127012015.X4706-100000@BLAST>; from Bernie_X@myrealbox.com on Sun, Jan 27, 2002 at 01:22:00AM +0200
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Sun, Jan 27, 2002 at 01:22:00AM +0200, Bernie wrote:
> 
> 
> On Sun, 27 Jan 2002, Edwin Groothuis wrote:
> 
> > On Sun, Jan 27, 2002 at 01:20:29AM +0000, Dimitri T wrote:
> > > is it possible to give a user (other than root) the
> > > right to shutdown the system?
> >
> > If you look at the permissions of /sbin/shutdown, you see:
> > -r-sr-x---  1 root  operator  166304 Sep 19 03:27 /sbin/shutdown
> >
> > So everybody in the group operator can issue the shutdown command.
> >
> > Edwin
> >
> > --
> > Edwin Groothuis   |              Personal website: http://www.MavEtJu.org
> > edwin@mavetju.org |           Interested in MUDs? Visit Fatal Dimensions:
> > ------------------+                       http://www.FatalDimensions.org/
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> >
> >
> 
> i was looking at the same for 'halt'
> 
> -r-xr-xr-x  4 root  wheel     228812 Dec 27 11:24 halt
> 
> seems everyone can use it...

Everybody can run it, only a few can run it succesfully:

[~] edwin@friet44>halt
halt: Operation not permitted
[~] edwin@friet44>groups
wheel operator

Reading the source:
        if (geteuid()) {
	    errno = EPERM;
	    err(1, NULL);
	}

The call to geteuid will always return non-zero for non-root users,
so non-root users will not be able to run halt (reboot, fasthalt,
fastboot)

Edwin

-- 
Edwin Groothuis   |              Personal website: http://www.MavEtJu.org
edwin@mavetju.org |           Interested in MUDs? Visit Fatal Dimensions:
------------------+                       http://www.FatalDimensions.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message