Date: Mon, 17 May 1999 21:52:45 -0400 (EDT) From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> To: juksi@iname.com Cc: sziszi@petra.hos.u-szeged.hu, freebsd-newbies@FreeBSD.ORG, adam@whizkidtech.net Subject: Re: Newbie tip Message-ID: <199905180152.VAA00910@cc942873-a.ewndsr1.nj.home.com> In-Reply-To: <XFMail.990517192855.sjuke@saunalahti.fi> from Jukka Simila at "May 17, 99 07:28:55 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Jukka Simila wrote, > But: > If you have a computer that can't be power-on for 24h / day, say, a computer > used mainly for text-editing (that old 486 :), wouldn't it be nicer to give > users a possibility to shut it down with their own password, rather than > delivering root's password to everyone, or recommending microsoft-style > shutdown "just switch the power off, it's all right then" :) > > Of course, better example than "sudo reboot" would have been "sudo halt" which > would do the obvious. On a computer at work that people need to be able to bring up and down, I did the following old trick, 1) I created a user called 'shutdown' 2) Made the user a member of group 'operator' (5). 3) Gave shutdown a startup shell something like, /usr/local/libexec/conshtdwn 4) Put something like the following in that file, #!/bin/sh if [ -z $REMOTEHOST ] && [ "x$HOST" = "x`hostname`" ]; then /sbin/shutdown -h now else echo "The computer may only be shutdown at the terminal." echo "" echo "This account is not available for login." exit 1 fi # NOT REACHED exit 2 5) Give the user, shutdown, a null password. This way, anyone, even someone without an account, can shutdown the computer gracefully at the terminal. This is much better than the other alternative of having them push reset or cycle the power on the running OS. I must admit I can't remember for sure how I did the check to make sure the login is not from a remote machine (for obvious reasons an anonymous shutdown from remote locations is a Bad Thing). The way I have done it here is for illustrative purposes, I do not think it is sure-fire or secure. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-newbies" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199905180152.VAA00910>