On Tue, Jan 03, 2006 at 12:45:46PM -0500, Michael Erdely wrote:
> On 1/3/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> > > Since /etc/X11/xdm/TakeConsole runs with root permission on every user
> > > logout to prevent /dev/console sniffing I modified it to perform the
> > > shutdown if the flag file is found in the users home directory.

> > > This approach works perfectly but my questions are:
> > >   Is there anything wrong with this approach?
> > >   Is there a better way to deal with the problem?
> >
> > This is a hack. It will work, until you upgrade X11 without being very
> > careful.
> >
> > Why not just configure sudo to allow access to /sbin/halt without a
> > password from user dad? Of course, you then alter the KDE menu to do it
> > your way. And/or place a two-line shell script in ~dad/bin/halt:
> >
> Add dad to the operator group which can run /sbin/shutdown without sudo.

That's not a very good idea.

$ ls -la /dev/wd*
brw-r-----  1 root  operator    0,   0 Nov  2 18:20 /dev/wd0a
brw-r-----  1 root  operator    0,   1 Nov  2 18:20 /dev/wd0b
brw-r-----  1 root  operator    0,   2 Nov  2 18:20 /dev/wd0c
<more>
brw-r-----  1 root  operator    0,  15 Nov  2 18:20 /dev/wd0p
brw-r-----  1 root  operator    0,  16 Nov  2 18:19 /dev/wd1a
<and so on>

And operator has more privileges; more than enough to trash the system,
if he wants to, or to get root, if he is somewhat skilled. Far better to
just change a single line in /etc/sudoers.

                Joachim
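
An added example, not part of the original message: a small shell audit of the point made above, listing the device nodes a user reaches purely through group membership. The function name `group_devices`, the sample listing and the sample group file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Typical use:  ls -l /dev | group_devices dad /etc/group

# Constructed sample data, modelled on the listing in the message above.
SAMPLE_LS='brw-r-----  1 root  operator    0,   0 Nov  2 18:20 /dev/wd0a
brw-r-----  1 root  operator    0,   1 Nov  2 18:20 /dev/wd0b
crw-------  1 root  wheel       0,   0 Nov  2 18:20 /dev/console
crw-rw----  1 root  dialer      8,   0 Nov  2 18:20 /dev/cua00'
SAMPLE_GROUP='wheel:*:0:root
operator:*:5:root,dad
dialer:*:117:'

# group_devices USER GROUP_FILE < ls-l-listing
# Prints "group access path" for each block/char device whose group
# bits grant read or write and whose group lists USER as a member.
# Only membership listed in GROUP_FILE is checked; a primary gid taken
# from the passwd file is not.
group_devices() {
    awk -v user="$1" '
        # First input: group database (name:passwd:gid:member,member,...)
        NR == FNR {
            split($0, f, ":")
            n = split(f[4], m, ",")
            for (i = 1; i <= n; i++) if (m[i] == user) member[f[1]] = 1
            next
        }
        # Second input: ls -l lines; field 1 is the mode, field 4 the group
        $1 ~ /^[bc]/ {
            acc = substr($1, 5, 2)      # group read and write bits
            gsub(/-/, "", acc)
            if (acc != "" && ($4 in member)) print $4, acc, $NF
        }
    ' "$2" -
}
```

With the sample data, `dad` in `operator` is reported as having group read access to both raw `wd0` partitions, which is the access the sudoers approach avoids granting.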
