Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] creating a normal user just for reboot
Hi,

> > useradd -u 0 -o -g 0 -d $HOMEDIR -s /sbin/reboot -c "Reboot User" reboot
> I guess this will fail with "UID 0 is not unique".

No, it doesn't fail, because of the "-o" parameter. -> "man useradd"

> BTW, I would prefer sudo a lot! I did a similar thing once upon
> a time ago, but it was a dirty hack :) I did this:

So, I think the sudo solution is more of a security risk than my way,
because this is the program call path:

- login (PAM)
- loginshell
- sudo
- reboot

The programs in my solution are the following:

- login (PAM)
- reboot

-> If you call more programs you have a higher security risk

Btw, I've tested my script and it works, but with a bug: the system would be
halted, not rebooted. Why? The program "/sbin/reboot" is a link to
"/sbin/halt" :-)
So the following script works well:

----- BEGIN -----

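#!/bin/sh
# Creates a second UID 0 account whose login shell only reboots the machine.

HOMEDIR="/home/reboot"
REBUN="reboot"
SHELLSCRIPT="/usr/local/sbin/reboot.sh"
# $0 may contain a path, so use only its basename in the mktemp template
TMPFILE=$(mktemp "/tmp/$(basename "$0").XXXXXX") || exit 1

# Login "shell": /sbin/reboot is a link to /sbin/halt, so call shutdown -r.
# The shebang lets the script also start through a plain execve().
printf '#!/bin/sh\n/sbin/shutdown -r now\n' > "$TMPFILE"
install -g 0 -o 0 -b -v -m 700 "$TMPFILE" "$SHELLSCRIPT"
rm -f "$TMPFILE"

# -o permits the non-unique UID 0
useradd -u 0 -o -g 0 -d "$HOMEDIR" -s "$SHELLSCRIPT" -c "Reboot User" "$REBUN"
install -d -g 0 -o 0 -m 500 "$HOMEDIR"
# Deny FTP logins for the account and send its mail to root
echo "$REBUN" >> /etc/ftpusers
echo "$REBUN: root" >> /etc/aliases
newaliases > /dev/null
passwd "$REBUN"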

----- END -----

have a nice day... Kai

EOT
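
A check for the side effect of `useradd -u 0 -o` discussed in this thread, as an added example that is not part of the original mail: it lists every passwd entry that shares UID 0 and flags a login shell that is missing or group/world-writable. The function name `audit_uid0`, the finding labels and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail): audit accounts that share UID 0.

# Print "name:shell:findings" for every UID 0 entry in a passwd-format file.
# Findings: extra-uid0 (UID 0 but not named root), shell-missing,
# shell-writable (group- or world-writable login shell), or ok.
audit_uid0() {
    passwd_file="${1:-/etc/passwd}"
    awk -F: '$3 == 0 { print $1 ":" $7 }' "$passwd_file" |
    while IFS=: read -r name shell; do
        [ -n "$shell" ] || shell=/bin/sh      # empty field means /bin/sh
        f=""
        [ "$name" = root ] || f="extra-uid0"
        if [ ! -e "$shell" ]; then
            f="${f:+$f,}shell-missing"
        elif [ -n "$(find -L "$shell" -prune \( -perm -020 -o -perm -002 \))" ]; then
            f="${f:+$f,}shell-writable"
        fi
        printf '%s:%s:%s\n' "$name" "$shell" "${f:-ok}"
    done
}

# Constructed sample: a passwd file and shells in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    for s in sh reboot.sh loose.sh; do
        printf '#!/bin/sh\n' > "$d/$s"
    done
    chmod 755 "$d/sh"; chmod 700 "$d/reboot.sh"; chmod 777 "$d/loose.sh"
    cat > "$d/passwd" <<EOF
root:x:0:0:root:/root:$d/sh
kai:x:1000:100:Kai:/home/kai:$d/sh
reboot:x:0:0:Reboot User:/home/reboot:$d/reboot.sh
reboot2:x:0:0:Constructed:/home/reboot2:$d/loose.sh
EOF
    audit_uid0 "$d/passwd"
    rm -rf "$d"
}

demo   # on a real host: audit_uid0 /etc/passwd
```

Any `extra-uid0` line is an account with full root privileges once its shell is replaced or bypassed, so the shell file's ownership and mode matter as much as the password.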


