Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] creating a normal user just for reboot
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Sat, 12 Jan 2002 17:02:01 +0100
  • Message-id: <20020112170201.D2618@xxxxxxxxx>
* Kai-H. Weutzing wrote on Sat, Jan 12, 2002 at 07:56 +0100:
> useradd -u 0 -o -g 0 -d $HOMEDIR -s /sbin/reboot -c "Reboot User" reboot

I guess this will fail with "UID 0 is not unique".

BTW, I would prefere sudo a lot! I did a similar thing once upon
a time ago, but it was a dirty hack :) I did this:

(pseudo-shell code :))
useradd -m reboot
chown -R reboot.root ~reboot
chmod -R 700 ~reboot

cp `which reboot` ~reboot/reboot
#or hard-link?

chmod o=x ~reboot/reboot
chmod +s ~reboot/reboot

echo "~reboot/reboot" > ~reboot/.profile
echo "exit" >> ~reboot/.profile

After that, only root and reboot can reach ~reboot. Only them can
launch the setuid root binary reboot. Well, I had some wrapper
around this ("are you sure...." ; w... ). It worked. I limited to
local console only. Then I put a sign with the account
information so that everybody is able to shutdown (since
otherwise everybody would press power button). Finally I found it
more easy to use CTRL-ALT-DEL :)

[...63 lines cut...]

oki,

Steffen

--
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.

< Previous Next >