Date: Mon, 7 Feb 2005 07:27:28 -0500
From: James Alexander Cook
To: freebsd-questions@freebsd.org
Subject: Re: Very general shutdown question
Message-ID: <20050207122728.GA25945@angel.falsifian.afraid.org>

On Mon, Feb 07, 2005 at 11:49:22AM +0000, Dick Davies wrote:
> * Steven [0203 23:03]:
> > Hello Ned,
> >
> > you can add the user to the operator group. it is possible to run
> > shutdown then (but not halt etc).
>
> Be careful of that, I think operator has other privileges too
> (can read from any disk for starters).
>
> > You could also create a shutdown user with a login shell pointing to a
> > shutdown script.
>
> But that won't work if they still don't have permission to run it...
>

What if you put the shutdown user in the operator group?

I don't plan to use this solution, but out of curiosity, are there any security problems with creating a privileged user with a widely known password but a login shell that does something specific, like shutting down the system?

- James Cook
  james.cook@utoronto.ca