I've seen people write some nice scripts to do the job for mortal users.
As already noted though: The setuid shell script can be run by any user logged in on your system, either on the console or over the network. As not already stated: Shell scripts that are setuid to root are generally considered specifically risky. It's probably not a real item in your situation anyway.

The solution with a file in /tmp is an elegant way around the setuid-root script problems. On the other hand, because /tmp is world-writable and many system processes write to it, it might create its own backdoors (again, I'm not an expert, but I wouldn't bet that you can be absolutely sure that there won't be a cracker that finds a way to remotely sendmail your machine into reboot without even having to log in to it at all).

I think the canonical solution would be to: Create a group rebooters, set the shutdown binary group to rebooters and add any user that is allowed to perform shutdowns to the rebooters group. Then you can wrap the command in any customizable script with all the options and switches you want to give your users as default.

I think I like the suggestion about /etc/shutdown.allow the best. Shutdowns should be done from the console anyway.

> Of course, if you can trust people to manage to switch off a re-booting
> computer during the "safe period" (i.e. after re-boot has started but
> before Linux really gets under way) then simply Ctrl-Alt-Del should do it.

Also, the options to shutdown in /etc/inittab are IMHO better with -h than -r. Of course, sysadmins don't trust users to know what's safe :-) My PC has a big reset button that I can use when I want to reboot after shutting the system down. Having the machine just halt on Ctrl-Alt-Del is much more practical in most cases where you just want to shut down without having to log in as root.

Joost
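A small audit for the two points raised in the message above, as an added example that is not part of the original post: it lists setuid files that are shell scripts, and checks that a binary can be executed only by its owner and one group. The function names are hypothetical, `rebooters` is the group name from the post, and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print every setuid regular file under DIR whose first two bytes are "#!",
# i.e. a setuid script rather than a compiled binary.
find_setuid_scripts() {
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        magic=$(head -c 2 "$f" 2>/dev/null)
        if [ "$magic" = '#!' ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Succeed only if FILE is group-owned by GROUP, executable by that group,
# and NOT executable by "other". Returns 1 on a mismatch, 2 if FILE is missing.
restricted_to_group() {
    info=$(ls -ld -- "$1" 2>/dev/null) || return 2
    mode=$(printf '%s\n' "$info" | awk '{print $1}')
    group=$(printf '%s\n' "$info" | awk '{print $4}')
    [ "$group" = "$2" ] || return 1
    # Mode string layout: type, owner rwx, group rwx, other rwx.
    # Character 7 is group execute, character 10 is other execute.
    case $mode in
        ??????[xs]??[!xt]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage (paths are system-specific assumptions):
#   find_setuid_scripts /usr/local/bin
#   restricted_to_group /sbin/shutdown rebooters || echo "shutdown is not restricted to rebooters"
```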