In article <[EMAIL PROTECTED]>, David Roundy <[EMAIL PROTECTED]> wrote: >On Fri, Feb 15, 2002 at 11:05:27AM +0100, Miquel van Smoorenburg wrote: >> According to David Wright: >> > > Stuff like this doesn't belong in sysvinit. It belongs in an >> > > optional package that can call shutdown, not in shutdown itself. >> > > Let alone in the halt binary! >> > >> > Fine, I wouldn't object. >> > >> > But I would point out that (1) you don't loose any modularity with a pam >> > layer, since you can configure pam to require or not require just about >> > anything you want >> >> A PAM layer to do what? Currently, halt doesn't *have* anything >> like an interactive dialog built in. It isn't setuid. It's not >> meant to be called by users. >> >> That is the stuff that doesn't belong in halt. You might as well >> build an interactive shutdown dialog into /bin/mknod, that would >> make just as much sense. > >PAM can do a lot more than just interactive stuff. I would want to make it >so that shutdown can only be run by users on the console (or root, >perhaps). Is there some way to do this other than using pam?
You don't understand. shutdown/halt/reboot commands ARE NOT MEANT TO BE CALLED BY USERS If you want to make it possible for a user to do shutdown/halt/reboot, write a setuid wrapper program. Mike. -- Computers are useless, they only give answers. --Pablo Picasso