Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] creating a normal user just for reboot
  • From: Frederik Ferner <frederik_ferner@xxxxxx>
  • Date: Sat, 12 Jan 2002 19:18:41 +0100
  • Message-id: <20020112181841.GA5825@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Hi List,

On Sat, Jan 12, 2002 at 05:55:30PM +0100, OKDesign oHG Security Administrator wrote:
> Von: Steffen Dettmer [mailto:steffen@xxxxxxx]
>
> >* Kai-H. Weutzing wrote on Sat, Jan 12, 2002 at 07:56 +0100:
> >> useradd -u 0 -o -g 0 -d $HOMEDIR -s /sbin/reboot -c "Reboot User" reboot
> >
> >I guess this will fail with "UID 0 is not unique".
> >
> >BTW, I would prefere sudo a lot!
>
> Me too ! That's why I put this user in the sudoers, but it won't work (this
> was my original question *g*).
> How do I have to do this / what did I do wrong ?

I did the same thing on my home system. I have a special user for
stopping the system. It is in a group by its own and has a uid different
from 0. I just created a simple bash script that executes
/usr/bin/sudo /sbin/shutdown -n now

and I put that user in /etc/sudoers as
systhalt ALL=(ALL) NOPASSWD:/sbin/shutdown -h now

I would guess shutdown -r now should work as well for reboot.

I'm not sure how secure the shell script part is, but as this user
doesn't have special rights except to shutdown the system with sudo, it
is safe enough for me.

HTH,
Frederik


< Previous Next >