shutdown as a user problems
Fabian Nowak
timystery at arcor.de
Sat Nov 18 08:22:06 CET 2006
> >>>>>>
> >>>>>> %users ALL=/sbin/shutdown
> >>>>>> %users ALL=/sbin/halt
> >>>>>> %users ALL=/sbin/poweroff
> >>>>>> %users ALL=/usr/bin/reboot
> >>>>>> %users ALL=/usr/local/libexec/xfsm-shutdown-helper
> >>>>>>
Hi!
Try `man sudoers' to find out the following. (Hint: Have each user use
another password to ease up testing, e.g. password r for root, u for
user, just to have different ones [and I'm assuming your box is offline
with all users having same passwords and so on]).
NOPASSWD and PASSWD

    By default, sudo requires that a user authenticate him or herself
    before running a command. This behavior can be modified via the
    NOPASSWD tag. Like a Runas_Spec, the NOPASSWD tag sets a default for
    the commands that follow it in the Cmnd_Spec_List. Conversely, the
    PASSWD tag can be used to reverse things. For example:

        ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm

    would allow the user ray to run /bin/kill, /bin/ls, and /usr/bin/lprm
    as root on the machine rushmore as root without authenticating
    himself.
    If we only want ray to be able to run /bin/kill without a password the
    entry would be:

        ray rushmore = NOPASSWD: /bin/kill,
        PASSWD: /bin/ls, /usr/bin/lprm

On my box I have

    Me ALL = (ALL) ALL

to let me run any command on any host as any user ("I'm root myself, I'm
allowed to..." ;-)
It would be better to use

    Me ALL = NOPASSWD: ALL

to let me run any command on any host without needing to authenticate
myself.
Another choice is to look at the ownership attributes of the specified
commands (NB:

    whereis reboot
    reboot: /sbin/reboot /usr/share/man/man8/reboot.8.gz

) and verify that the scripts are user-executable:

    ll /sbin/reboot
    lrwxrwxrwx 1 root root 4 2006-10-23 23:48 /sbin/reboot -> halt
    Me@MyHost:~$ ll /sbin/halt
    -rwxr-xr-x 1 root root 9884 2006-09-10 17:52 /sbin/halt

HTH, Fabian
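
The tag inheritance described in the man page excerpt above, as an added example that is not part of the original message or of sudo itself: a simplified Python parser that walks a Cmnd_Spec_List and reports which commands still require authentication, so an entry can be reviewed before it goes into sudoers. The function names are hypothetical; aliases, Defaults settings, and commas inside command arguments or Runas lists are not handled.

```python
import re

# Tags that control authentication; other sudoers tags (NOEXEC, SETENV, ...) are skipped.
AUTH_TAGS = {"NOPASSWD": False, "PASSWD": True}
TAG_RE = re.compile(r"^([A-Z_]+):\s*(.*)$")
RUNAS_RE = re.compile(r"^\([^)]*\)\s*(.*)$")


def password_required(spec):
    """Return [(command, needs_password)] for one 'user host = cmnd_spec_list' entry."""
    spec = re.sub(r"\\\s*\n\s*", " ", spec)   # join backslash-continued lines
    _, _, cmnd_list = spec.partition("=")
    needs_password = True                      # sudo's default is to authenticate
    result = []
    for item in cmnd_list.split(","):
        item = item.strip()
        m = RUNAS_RE.match(item)               # drop a leading Runas_Spec such as (ALL)
        if m:
            item = m.group(1)
        while (m := TAG_RE.match(item)):       # a tag stays in force for later commands
            tag, item = m.group(1), m.group(2)
            if tag in AUTH_TAGS:
                needs_password = AUTH_TAGS[tag]
        if item:
            result.append((item, needs_password))
    return result


def passwordless_all(spec):
    """True when the entry grants ALL commands without authentication."""
    return ("ALL", False) in password_required(spec)


# Entries taken from the message above (the second man page example joined onto one line).
SAMPLES = [
    "%users ALL=/sbin/shutdown",
    "ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm",
    "ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm",
    "Me ALL = (ALL) ALL",
    "Me ALL = NOPASSWD: ALL",
]

if __name__ == "__main__":
    for entry in SAMPLES:
        note = "  <-- passwordless ALL" if passwordless_all(entry) else ""
        print(entry + note)
        for command, needs_pw in password_required(entry):
            print("    %-24s %s" % (command, "password" if needs_pw else "no password"))
```

For the real file, `visudo -c` checks syntax and `sudo -l` lists what sudo itself will allow the current user.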