On Monday 11 September 2006 09:20, Karol Kwiatkowski wrote:
> Good day everyone,
>
> I'm trying to make it possible to restart (as in 'shutdown -r now') a
> FreeBSD based router from LAN network as easy as possible so it can be
> used by non-technical people.

First of all, it's easy enough to do this securely that you might as well do it. Install sudo, and use "visudo" to create a sudoers file with entries like:

    User_Alias REBOOTERS = username1,username2,username3
    REBOOTERS ALL = (root) NOPASSWD: /sbin/reboot

Next, create a reboot script for them:

    # cat /usr/local/sbin/reboot.sh
    sudo /sbin/reboot

Finally, use OpenSSH's built-in options to run the script at login. From sshd(8):

    AUTHORIZED_KEYS FILE FORMAT
    [....]
    command="command"
            Specifies that the command is executed whenever this key is
            used for authentication.

So, make each user's authorized_keys file look something like:

    command="/usr/local/sbin/reboot.sh" ssh-rsa [long base64 string] [EMAIL PROTECTED]

Alternatively, do all the above for one single account: your "restart" user. Use authorized_keys to limit which of your real users has access to reboot the machine, and use "ssh -l restart balkyrouter.example.com" to trigger it. You could even go so far as to add a clause to /etc/ssh/ssh_config (or ~/.ssh/config for each individual user) like:

    Host rebootrouter
        Hostname balkyrouter.example.com
        User restart

so that your users just run "ssh rebootrouter".

So, to recap, when a user logs in, the reboot.sh script will be executed. It will use sudo to run the reboot command as root, without prompting the user to enter any password. It's easy, it works, and it doesn't require any setuid trickery or special accounts or anything else.

-- 
Kirk Strauser
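
Added example, not part of the original message: a shell audit that checks every key in an authorized_keys file is pinned to the forced command described above. The function names, the sample keys and the policy of also requiring forwarding and pty to be disabled (via `restrict` or the four `no-*` options) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit authorized_keys lines.
# classify_key LINE WANT prints one verdict: SKIP (blank/comment),
# OPEN (no options: normal login), WRONGCMD (no command="WANT"),
# FORWARDING (command pinned, forwarding/pty still allowed), PINNED.
classify_key() {
    line=$1 want=$2
    case $line in
        ''|'#'*) echo SKIP; return 0 ;;
        # Options must come BEFORE the key type. Text after the base64
        # blob is only a comment, so a trailing command="..." is ignored.
        ssh-*|ecdsa-*|sk-*) echo OPEN; return 0 ;;
    esac
    # Options = text before the key type (assumes no value contains " ssh-").
    opts=${line%% ssh-*}; opts=${opts%% ecdsa-*}; opts=${opts%% sk-*}
    case ",$opts," in
        *",command=\"$want\","*) ;;
        *) echo WRONGCMD; return 0 ;;
    esac
    case ",$opts," in *,restrict,*) echo PINNED; return 0 ;; esac
    for o in no-port-forwarding no-agent-forwarding no-X11-forwarding no-pty; do
        case ",$opts," in *",$o,"*) ;; *) echo FORWARDING; return 0 ;; esac
    done
    echo PINNED
}

# audit_keys WANT < FILE: print "lineno verdict"; return 1 unless all PINNED.
audit_keys() {
    rc=0 n=0
    while IFS= read -r l || [ -n "$l" ]; do
        n=$((n + 1))
        v=$(classify_key "$l" "$1")
        [ "$v" = SKIP ] && continue
        echo "$n $v"
        [ "$v" = PINNED ] || rc=1
    done
    return $rc
}

# Constructed sample; AAAAB3Nza stands in for real key material.
sample_keys() { cat <<'EOF'
command="/usr/local/sbin/reboot.sh",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3Nza alice@lan
command="/usr/local/sbin/reboot.sh" ssh-rsa AAAAB3Nza bob@lan
ssh-rsa AAAAB3Nza carol@lan command="/usr/local/sbin/reboot.sh"
command="/bin/sh" ssh-rsa AAAAB3Nza dave@lan
EOF
}
sample_keys | audit_keys /usr/local/sbin/reboot.sh || echo "unpinned keys present"
```

To check a real file, source the functions and run `audit_keys /usr/local/sbin/reboot.sh < path/to/authorized_keys`. Option names are matched case-sensitively, so unusual capitalisation is reported as not pinned.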