  1. #1
    Linux User
    Join Date
    Aug 2003
    Posts
    289

    how to use -a option in shutdown


    i was reading on the manual for shutdown and it stated there that it is possible to allow non-SU/root users to be able to use the shutdown command -- using the -a option and making a file /etc/shutdown.allow where allowed users' login names are placed. it also said that this should be included in the /etc/inittab file. but it didn't elaborate on how to do this. further, it said something about an 8th option, on which is not standard on NIX systems, but is user-specified.

    so how do i go about doing this guys? i don't want to be prompted for a root password every time i wanna restart or halt the system...

    i'm using RH9.
    Registered User #345074

  2. #2
    Linux User
    Join Date
    Aug 2003
    Posts
    289
    i think i've misunderstood this -a option. it seems it can only be used for the "3 finger salute" key combo. is there an alternative for allowing non-root users to restart or halt the system? say i'll just write a script or make a launcher for this command. and i want it so that only those who have permissions can do this.
    Registered User #345074

  3. #3
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    RH systems are usually already configured so that the logged in user can shut the system down. Otherwise, it's rather easy to do. The greatest problem is that the Linux kernel doesn't allow SUID parsed files, so you need to create a binary for it. However, it's rather easy to do as a C program:
    Code:
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <string.h>
    #include <errno.h>
    #include <pwd.h>
    
    char buf[1024];
    
    int main(int argc, char **argv)
    {
        int c;
        char *a;
        FILE *rc;
        struct passwd *pw;
        
        /* default action: halt */
        a = "-h";
        /* sic: '==' is the typo discussed in posts #7 and #8; it should be '=' */
        while((c == getopt(argc, argv, "hr")) >= 0)
        {
            switch(c)
            {
            case 'h':
                a = "-h";
                break;
            case 'r':
                a = "-r";
                break;
            default:
                fprintf(stderr, "usage: %s [-hr]\n", argv[0]);
                exit(1);
            }
        }
        if((rc = fopen("/etc/shutdown.allow.2", "r")) == NULL)
        {
            fprintf(stderr, "/etc/shutdown.allow.2: %s\n", strerror(errno));
            exit(1);
        }
        /* look up the calling user by real UID (the effective UID is root) */
        if((pw = getpwuid(getuid())) == NULL)
        {
            fprintf(stderr, "cannot look up the calling user\n");
            exit(1);
        }
        while(fgets(buf, 1024, rc) != NULL)
        {
            /* strip the trailing newline before comparing */
            if(buf[strlen(buf) - 1] == '\n')
                buf[strlen(buf) - 1] = 0;
            if(!strcmp(buf, pw->pw_name))
            {
                execl("/sbin/shutdown", "/sbin/shutdown", a, "now", NULL);
                /* only reached if execl failed */
                fprintf(stderr, "/sbin/shutdown: %s\n", strerror(errno));
                exit(1);
            }
        }
        fprintf(stderr, "%s, you are not allowed to\n", pw->pw_name);
        exit(1);
    }
    Compile that, chmod it to 4755, chown it to root and create a file called /etc/shutdown.allow.2 containing one username per line of those users that are allowed to shut down.

  5. #4
    Linux User
    Join Date
    Aug 2003
    Posts
    289
    whoa! that's like a C program already dolda. can anything be done without the program? but thanks very much for that though. it's greatly appreciated. i'll try this one. it shouldn't be too hard to understand. i only had one sem of C programming. and the rest in Java.

    here's what i did. i made a group. added myself and shutdown as group members. it didn't work. i even had linuxconf set myself to be able to shutdown. that didn't work too. so what's the trick behind the default window manager of RH9 being able to halt or restart even when logged in as a regular user. KDE doesn't seem to have this. but i don't always start X. this is when i have to SU just to halt the system.

    any suggestions?
    Registered User #345074

  6. #5
    Linux Engineer
    Join Date
    Dec 2002
    Location
    New Zealand
    Posts
    766
    do u specifically want to limit users or just make it so anyone can shutdown?
    Code:
    chmod +s /sbin/shutdown
    ln -s /sbin/shutdown /bin/shutdown
    will make the shutdown command suid (eg anyone can run it) and the symlink will make it so u can just type shutdown instead of /sbin/shutdown.

  7. #6
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Do you run RH9? In that case, it's actually rather weird that you can't shut down as a regular user. RH uses the pam_console PAM module and the consolehelper program to allow the user who is logged in at the physical console to shut the system down.

    Of course, you have another option. Just create a group called sd or something, "chown root:sd /sbin/shutdown" and "chmod 4754 /sbin/shutdown". Then add yourself to the sd group and you should find yourself lucky.

  8. #7
    Linux User
    Join Date
    Aug 2003
    Posts
    289
    i want the shutdown to be authorized. yes it's RH9 i'm using here. i tried the code and it worked, although there was something wrong with the switch, or probably the getopt command. the value of the variable 'a' is not being updated, so it's always a "-h". i decided to make 2 binaries instead, one for "-r" and the other for "-h". hahaha... lousy programming i say! my C sucks, big time!

    i did try to make a group and added myself into the group before i started this post and it didn't work. i just read your latest post dolda, and i guess i did some mistakes. now i know.

    is PAM a service, coz i don't see it in the list of services i selected during boot. what is this app's full name? yes, i really can't use shutdown unless i'm root. except for GNOME's menu panel which has default restart and reboot options.

    thanks everyone - dolda, hellmasker!
    Registered User #345074

  9. #8
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Quote Originally Posted by xylex_blaiste
    there was something wrong with the switch, or probably the getopt command.
    You don't say? I see now that I had written (c == getopt(...)), while of course it should be (c = getopt(...)). I really do that all too often. :-)

    Quote Originally Posted by xylex_blaiste
    is PAM a service, coz i don't see it in the list of services i selected during boot.
    In short, it's not a service; it's invoked by other programs.
    PAM stands for Pluggable Authentication Modules. It's a library that programs such as login, gdm, ftp, etc. use to authenticate users. It checks the configuration files in /etc/pam.d for each individual program and uses the modules in /lib/security or /usr/lib/security (depending on the system). It's a tremendous advantage over the old time authentication procedure that checked entries from getpwnam, since not all authentication procedures use /etc/passwd or even nsswitch (such as Kerberos).

    I see, now that I check, that shutdown has no such consolehelper. However, what happens if you run e.g. /usr/bin/halt instead?
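
The setuid wrapper from post #3 with the `c = getopt(...)` correction from post #8 applied, written as an added example that is not part of the original thread: it also handles a failed `getpwuid` lookup, refuses an allow-list that is not a root-owned file or that is group- or world-writable, and runs shutdown with a fixed environment. The helper names `parse_mode`, `user_allowed` and `allow_file_trusted` are assumptions of this example; the file paths are the ones used in the thread.

```c
/* Added example; helper names are illustrative, paths are the thread's. */
#define _XOPEN_SOURCE 700
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define ALLOW_FILE "/etc/shutdown.allow.2"

/* Map the command line to a shutdown flag; NULL means bad usage. */
const char *parse_mode(int argc, char **argv) {
    const char *mode = "-h";
    int c;
    optind = 1;                                    /* rescan from the start */
    while ((c = getopt(argc, argv, "hr")) != -1) { /* assignment, not '==' */
        if (c != 'h' && c != 'r') return NULL;
        mode = (c == 'h') ? "-h" : "-r";
    }
    return optind == argc ? mode : NULL;           /* reject stray operands */
}

/* 1 if name matches a whole non-empty line of fp, else 0. */
int user_allowed(FILE *fp, const char *name) {
    char line[256];
    while (fgets(line, sizeof line, fp) != NULL) {
        line[strcspn(line, "\n")] = '\0';          /* strip the newline */
        if (line[0] != '\0' && strcmp(line, name) == 0) return 1;
    }
    return 0;
}

/* The allow-list only means something if non-root users cannot edit it. */
int allow_file_trusted(const struct stat *st) {
    return S_ISREG(st->st_mode) && st->st_uid == 0 && !(st->st_mode & (S_IWGRP | S_IWOTH));
}

int main(int argc, char **argv) {
    char *const env[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };
    const char *mode = parse_mode(argc, argv);
    struct passwd *pw = getpwuid(getuid());        /* real UID is the caller */
    struct stat st; FILE *fp;
    if (mode == NULL) { fprintf(stderr, "usage: %s [-hr]\n", argv[0]); return 1; }
    if (pw == NULL || (fp = fopen(ALLOW_FILE, "r")) == NULL) { fprintf(stderr, "cannot check %s\n", ALLOW_FILE); return 1; }
    if (fstat(fileno(fp), &st) != 0 || !allow_file_trusted(&st) ||
        !user_allowed(fp, pw->pw_name)) { fprintf(stderr, "not allowed\n"); return 1; }
    execle("/sbin/shutdown", "shutdown", mode, "now", (char *)NULL, env); /* fixed env */
    perror("/sbin/shutdown");                      /* only reached if exec failed */
    return 1;
}
```

Because the binary is installed setuid root, every input the caller controls (arguments, environment) is checked or replaced before the exec, and the allow-list is trusted only when root alone can write it.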

  10. #9
    Linux User
    Join Date
    Aug 2003
    Posts
    289
    i didn't really look at the code that much. that '==' operator was quite misleading. although it would've been quite obvious, i am not familiar with the getOpt command in linux too. although i gather that you specify an option, which is 'h' or 'r' in this case, and a return of 0 means ok.

    thanks for the advice and info man!

    oh, i can run halt. i tried that some time ago already. but i like shutdown better. much better, i guess.
    Registered User #345074
