On Wed, 2004-10-13 at 14:11, Michael ODonnell wrote: > > useradd -c "execute reboot" > [...] > > -u 0 > > poweroff > > > There aren't any security problems here? It seems like there could > > be potential issues with having a "second root" account where the > > password was known. I'm not sure where exactly the problem would > > come from, but it just seems like there could be potential issues. > > > You're concerned that somebody might be able to use > the "poweroff" user's credentials to gain other root > privileges? I've not heard of a scenario where this > would be a problem.
The man page for su shows an option for changing the default shell that is run, "-s". I assume the risk here would be if one of these users were to run "su <shutdownacct> -s /bin/bash" and use the shutdown account's password to obtain an unrestricted root shell. I've never tried this so I'm not sure if that would work. Perhaps a better solution would be to set up a normal user account (ie, not uid=0) and give this user sudo access to run shutdown? Scott -- Scott Garman sgarman at iname dot com _______________________________________________ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
